12:22 am (UTC-7) | by Paul Pajares (Fraud Analyst)
Looking for cheaper iPhone 4S this holiday season? Be wary, because cybercriminals can trick you into giving out your online financial credentials. We’ve recently found a phishing attack that specifically targets users who are out to purchase an iPhone 4S through eBay.
The attack involves domains that display replicated eBay posts for iPhone 4S units. The screenshots below show a sample of the fake page, and the original eBay post from which the content was copied.
There are some differences between the two pages. For example, the real post uses US dollar as its currency, while the fake post uses Euro. The price in the fake one is also dramatically cheaper. You’ll also notice that the post the cybercriminals chose to replicate is one by a seller with a good reputation, to gain the trust of potential victims.
The fake eBay pages are hosted on domains that are followed by /www.ebay.ie/ in order to trick users into thinking that it is the real eBay domain. All the links in the fake page will lead to the legitimate one, except for the “Buy It Now“. Clicking “Buy It Now” leads to a fake login page that asks users to enter personal information.
After filling out the form, users are directed to a page that says they must contact the seller via email in order to proceed with the transaction.
We’re pretty sure that this is not how transactions go when buying something over eBay. This is most likely a scam that aims to steal money and personal information from its victims. The iPhone 4S is one of the top smartphones in this year’s holiday sales, and clearly the cybercriminals taking advantage of its demand.
This iPhone 4S scam is just one of the many attacks that people might encounter this season. Cybercriminals often leverage holiday activities—such as sending holiday greetings, shopping online, and looking for deals and promos—to launch attacks targeting unsuspecting users.
Well-wishers might wish to send out holiday cheer and love through e-cards or social networking sites. However, some e-cards instead send out malware. Worse still, these email greetings may be used to steal information. Social networking sites, on the other hand, are home to survey scams that wind up charging victims for premium services.
Online shopping is a big convenience for shoppers who want to avoid the crowds. However, cybercriminals often leverage in-demand items, such as the iPhone 4S, to create scams like this one. And since it is the season for shopping, people are also most likely to take advantage of promotions and deals. Cybercriminals respond by churning out fake promos and deals, all to steal information and to spread malware.
For more information on these holiday-related threats, and on ways to how to keep yourself safe, please check our e-book, Season’s Warnings, and our entry Beware of Holiday-Themed Multi-component Online Threats. For more information on online shopping, please read our entry, Online Shopping Made Easy.
Additional text by Abigail Pichel
Share this article