Attackers Impersonates eBay to Steal Gift Card Payments
Note: We are reader supported and may earn a small commission when you click on links in posts
Cybercriminals are targeting eBay users with a customized eBay impersonation scam. In this attack fraudsters send an email to victims asking eBay Motors payments.
In this latest eBay impersonation scam the attackers attempt to fool victims into sending paying for transaction with gift cards.
This cyberattack may slip past email security filters and fraud detection because it does not contain a suspicious link or harmful email attachment.
Tailored eBay Scam
The email is designed to look legitimate using eBay branding including the use of logos. This is all an attempt to trick the recipient into thinking it is a real invoice for an eBay Motors auction that the user has won.
The eBay impersonation scam appears like a legitimate email because it contains an invoice using eBay branding. It is targeted – the email scam uses victim’s real name. The invoice also contains shipping information for a legitimate street address.
“The payload for this attack is neither a link nor a malware attachment. Like most gift card fraud, it’s entirely text based – the body text and .pdf attachment contain no malicious links or payload, instead relying on the recipient to read and engage with the attacker,” according the cyber security researchers at Abnormal Security who discovered the attack. It is detailed in this post on their website.
The scam email contains a PDF attachment asks for payment for an auction the victim won.
There is no malware in the email attachment. It does not contain any links to click on.
The email only contains instructions to trick the victim into a payment scam.
How to Spot an eBay Scam
Demanding payment with gift cards is a favorite tactic fraudsters. When someone purchases a gift card the money becomes difficulty to trace and impossible to recover.
- Always pay for online transactions with a credit card. When you pay with a gift card or debit card there is no fraud protection from your bank.
- Be highly suspicious of any email that is unsolicited – especially when it contains a link to click on or an email attachment
- Think before you act attackers tend to right messaging in the email that scares you into thinking you must act immediately to avoid some deadline or penalty. For example, it’s common for cybercriminals to tell the victim that they must act immediately to reset an account password or click on a link to avoid a financial penalty
- Only pay for eBay transactions on eBay.com using a secure form of payment connected to your account
- Never pay someone you don’t know with gift cards especially a product or service you have not received yet