Scam Of The Week: eBay Password Reset Phishing Emails



eBay Change PasswordOk, unless you were on an Internet-free vacation (fat chance); you have heard that eBay managed to lose all its 145 million credentials. 

Cybercrime works a lot like a business, and they have massive phishing campaigns all set to go for the next major data breach. Just add a logo, change one line of code and they are off to the races.

And so it goes with the recent eBay debacle. Trend Micro predicted that in 2014 we would see one or more major security breaches a month, and up to now they are not far off the mark. There are several pitfalls with a large breach like this: first the data itself will get sold, causing even more identity thefts. Next, the breach will be used by other cyber mafias to social engineer people into going to a fake eBay site, and fill out confidential information.

We have seen this pattern happening over and over again, so this time you get an advanced warning, especially as eBay has made the inexcusable mistake of sending its users an email WITH A LINK THEY NEED TO CLICK. How much stupider can eBay be? After all Phishing 101 is to NEVER click on a link in an email, rather go to the site directly in your browser. The bad guys are going to have a field day with this. Major eBay FAIL.

There will be phishing attacks claiming to be from eBay, with an urgent request to change your password right away, because "your financial data is at risk". While they have you on their fake site, they will probably also ask for your security question and possibly either your credit card or bank account information. So, THINK BEFORE YOU CLICK!

 


Will your users respond to phishing emails?

KnowBe4's Phishing Reply Test (PRT) is a complimentary IT security tool that makes it easy for you to check to see if key users in your organization will reply to a highly targeted phishing attack without clicking on a link. PRT will give you quick insights into how many users will take the bait so you can take action to train your users and better protect your organization from these fraudulent attacks!

PRT-imageHere's how it works:

  • Immediately start your test with your choice of three phishing email reply scenarios
  • Spoof a Sender’s name and email address your users know and trust
  • Phishes for user replies and returns the results to you within minutes
  • Get a PDF emailed to you within 24 hours with the percentage of users that replied

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/phishing-reply-test



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews