Thursday, 2 August 2012

Phishing Email Targets eBay Sellers

A phishing email claiming to be from an unsatisfied customer targets eBay sellers.

It is a common knowledge among eBay sellers and buyers that to increase customer trust and revenue on the buying site, one needs to have good customer feedback. The recently spotted scam email alarms eBay sellers by threatening to post a negative feedback and tricks them to follow a link to reply the message so as to pacify the customer and prevent the feedback from being published.  

Unsurprisingly, the link will lead them to a fake eBay login page where they’re supposed to enter their login credentials. Upon clicking the sign in button, customers are then redirected to the legit eBay website but their credentials have already been harvested by the malicious criminals.

Spotting the Phishing Scam
Anyone can fall victim of a sophisticated phishing email. As always, apart from being ever-suspicious, having the right knowledge in identifying which one is legit and which is not will be your best weapon of defence against these malicious attacks.

To uncover simple phishing attacks, one can examine the link. Some of the links devised for phishing has errors on the spelling. Some may have doubled letters which are hard to notice unless you are a really keen observer, like they may be, instead of Another thing one can do is to run a quick check on the sender’s identity or to send an inquiry to the institution which supposedly sent the email confirming the validity of the mail.

While the said methods may prove helpful in identifying a scam email, they are undoubtedly time consuming. An easier and more effective way to check the legitimacy of a website is through SSL Certificates. A website encrypted with an SSL certificate is a trusted one which owner’s identity has already been validated by a Certificate Authority like GlobalSign.

You’ll find some important trust marks in a trusted website running an SSL Certificate. First, the security padlock and the https on the address bar. Once clicked, the padlock will provide information on the identity of the owner and the issuing Certificate Authority. For some SSL with higher protection, like GlobalSign Extended Validation SSL, the address bar will turn green making it easier for users to identify that they’re browsing on a secure site.


Keywords: Phishing, ev ssl, ssl, globalsign, 

We'd be glad to hear from you, contact us at (+65) 3158 0349, or send us an email.