NEWS FROM THE LAB - Wednesday, August 10, 2005

New phishing tactic Posted by Mikko @ 09:18 GMT

Almost half of the phishing messages we see currently are targeting eBay. However, we've lately seen a new technique used to lure eBay users to divulge their account password.

Instead of sending a fake message from eBay administrators, this message claims to be from a fellow eBay user, complaining: "I sent you the money , where's the package ? You promised that after i send the money you send the goods asap . is this a fraud?"

Fake eBay message

The reply link goes to the average phishing site, quering user's eBay login and password.

Fake eBay login

This fake site is still up, but eBay is very effective in taking down rogue sites like these so it should disappear soon.