Saturday, September 02, 2006

CastleCops PIRT Reports New Version of eBay Phishing

Castle Cops, PIRT-Phishing Incident Reporting and Termination Squad is reporting a new type of phishing attempt with an eBay lure:

CastleCops PIRT has received a new email which tries to get people's full personal information including name, age, location, telephone numbers, gender and marital status on the offer of getting paid to work from home online for a company called "eBay Small Business Limited". Its business is in "manufacturing and selling textiles and fabrics". The email tries to goad you into giving up your personal information with the promise of making easily $300 to $1,000 per week simply by collecting payments on behalf of the Company (all for 3-7 hours per week).

Link, here.

Besides a new type of phishing attempt - this could turn into what is termed a "check cashing scam." In a "check cashing, or job scam," a person is recruited to handle "accounts receivables," which are in reality tied into fraudulent transactions.

The new employee's job is to negotiate transactions sent to them, and wire the money to a far-away locale. The fraudsters (in most instances) instruct the "new employee" to use Western Union, or MoneyGram, which aren't protected by the FDIC.

The transactions are normally "account takeovers" on eBay - also caused by phishing. In an "account takeover" a legitimate eBay user gives up their information as a result of a "phishy e-mail." The Phishermen then take over their account and sell items, which are paid for, but (normally) never received.

Towards the end of the fraud cycle, the fraudsters might also get their employee to negotiate (cash) totally bogus financial instruments. Of course, when the bottom falls out of this, the fraudsters can then steal the identity of the employee involved - having gathered all the information to do so via the employment process.

For the person - who falls for this - although they get the generous commission at first - they are likely going to be hounded for a long time by collection agencies and in some cases, law enforcement.

Believe it, or not - a Better Business Bureau employee fell for this scam. Here is the post, I did on that:

BBB Worker Takes Job Processing Fraudulent eBay Transactions

By the way, PIRT is a great place to "take a bite out of phishing." You can report suspected "phishy e-mails" to them by forwarding them to PIRT@CastleCops.com. After verifying the "phish," they make sure it gets to all the right people!

No comments: