A clever e-mail which purports to be from eBay and gathers credit card information from unsuspecting customers is currently circulating on the Web, according to spam filtering company SurfControl.
SurfControl detected the hoax e-mail on Tuesday morning AEST time. According to SurfControl managing director Charles Heunemann, the e-mail is part of an alarming rise in "phishing" scams which have "been getting more sophisticated over the last four weeks or so".
‘Phishing’ is a verbal play on ‘fishing’, in which scammers cast a virtual net and hope to drag in some unlucky Internet users. Typically, phishing e-mails pretend to be from a bank or an online merchant, and dupe users into supplying their credit card numbers.
By first looking at the 'eBay' e-mail, the information submitted from the form seems to be sent to the e-mail address JennyLopez19936@hotmail.com, said Heunemann. And it appears to be sent to that e-mail address.
This form, which is where the credit card details entered by customers finally ends up, is located on a server in Australia -- javelin.server-facility.com. "It seems to be set up solely for the purpose of using that form mailing script, as the main Web site http://188.8.131.52/ just displays 'This Page Intentionally Left Blank'," Heunemann said.
eBay's specialist team was investigating the scam and could not provide specific information at the time this article was posted.
eBay's Australian PR representative Angie Cursley said "spoof e-mails affect many sites on the Internet, not just eBay". She said eBay is part of a newly formed industry coalition developed to fight this type of activity. To help protect its members, eBay posts warnings on the announcement board to give advice on what to do. This can be found at http://www2.ebay.com/aw/marketing-au.shtml.
As far as phishing scams go, Heunemann said this was quite a sophisticated one. "There doesn't seem to be any spelling or grammatical errors, and the whole e-mail is set out very nicely in a way that makes it really look like it was sent from eBay."
Recent phishing scams have affected Westpac, ANZ and National Australia Bank customers.
According to Heunemann, an easy tip-off that an e-mail is suspect is that it requests credit card details. Legitimate services never ask for such details via e-mail, he said.