We have encountered a new phishing scam that targets ClickandBuy. The London-based competitor to eBay offers both billing ang payment solutions, so it’s no surprise cybercriminals would be interested in stealing the login information of ClickandBuy users.

Phishers have created a duplicate of a legitimate German-language ClickandBuy login page on at least one malicious website. The fake site can be seen below:

Figure 1. Phishing website

After entering their credentials, users would be redirected to the legitimate ClickandBuy site. Users would then think everything was normal, when nothing could be further from the truth. The phishing website is a very close match to the legitimate site, which is shown below for comparison:

Figure 2. Legitimate website

Users are advised to be very careful about where they enter their login credentials to guard against attacks like this. For example, the user’s connection to the phishing site was not encrypted, whereas the connection to the legitimate website was encrypted. (All browsers show this in their user interface, usually using a padlock.)

The phishing URL in this attack is already blocked by the Trend Micro Smart Protection Network.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!