Automated spam on eBay is spreading tailored phishing messages offering to promote users’ products, and the links the spammers share can lead to dangerous websites, according to Paul Ducklin at Naked Security.
The messages themselves contain text customized to a product the target has just posted, and they include an image of a shortened, easy-to-read URL for the user to type into their browser.
The URL is presented as an image because eBay doesn’t support clickable links in messages, partly to discourage the spread of spam. If a user goes to the URL, they’ll be redirected to an advertising site, and the spammer receives a small commission for sending them there. The advertising site is somewhat related to the product the user is selling, based on a number of tags. Ducklin says the spammer has created their “very own targeted advertising service,” which is very cheap to maintain.
“Better yet for the spammer, they can run the whole thing largely automatically, and run dozens of these schemes at the same time, too,” Ducklin writes. “The spammer gets to use the cloud for everything, and doesn’t need to set up any servers or services of their own – they don’t need to know a thing about how to operate DNS, how to run a web server, or how to format HTTP 301 redirects. The whole campaign can be run using little more than a web browser, a few site-scraping scripts and a low-value pre-paid credit card.”
While the spam campaign itself isn’t inherently malicious, Ducklin points out that one of the sites installed a cryptominer, which highlights the danger of visiting untrusted websites. The structure of this campaign could also be used to carry out more widespread and deliberately malicious campaigns.
“When you type in unsolicited links – especially links like the one in this spam, which was deliberately presented in a way to sidestep the accepted policies on links in eBay messages – you’re putting an awful lot of trust where it doesn’t belong,” Ducklin warns.
New-school security awareness training can give your employees a built-in sense of how to stay safe online, even in situations that don’t seem threatening on the surface. Naked Security has the story: https://nakedsecurity.sophos.com/2019/07/03/serious-security-beware-ebay-scrapers/
Here's an infographic to share with your users with some common red flags to watch out for in emails. Get the full PDF.