By Dave Michmerhuizen – Research Scientist, Luis Chapetti – Security Researcher
Apple generates huge excitement whenever it announces a new product, particularly when it announces a new model of iPhone. Excitement like that is what spammers look for to get their marks to open dicey emails, click through questionable web pages and hand over their usernames and passwords without really realizing what they've done.
This spam is being actively circulated…
Tempting, isn't it? The “see details” link points to a compromised website that serves as an intermediary to another compromised website, which hosts a very convincing copy of an eBay item page.
Most of the links on this fake eBay page, such as the feedback score and the PayPal links, are actually legitimate. Only the “Buy It Now” link is fake, pointing back to the compromised host where all of the phishing functions are actually carried out.
Actually pressing “Buy It Now” takes you to a convincing login page. Well, it would be convincing if the domain were ebay.com, but the phishers are hoping that you're thinking so much about that sweet new iPhone you'll be getting that you won't check the browser's address bar.
These sorts of forms are actually easy for phishers to set up. Filling this in and clicking on “Sign in” sends all the data back to the compromised server, which then forwards the eBay user ID and password to the phishers. They use it to take over the account and carry out other identity theft.
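The pattern described above (real brand links everywhere, with only the purchase link and the sign-in form leading elsewhere) can be checked mechanically. The following is an added example, not code from the original post: the brand domain list, the sample hosts and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: the domains the imitated brand legitimately links to.
BRAND_DOMAINS = ("ebay.com", "paypal.com")

def on_brand(host, domains=BRAND_DOMAINS):
    """True only for a brand domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class TargetCollector(HTMLParser):
    """Collects every <a href> and <form action> on a page."""
    def __init__(self):
        super().__init__()
        self.targets = []  # (kind, raw URL as written in the HTML)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.targets.append(("link", attrs["href"]))
        elif tag == "form":
            # A form without an action posts back to the page's own URL.
            self.targets.append(("form", attrs.get("action") or ""))

def audit(page_url, html):
    """Report where a page's links and forms really lead."""
    collector = TargetCollector()
    collector.feed(html)
    brand_links, off_brand = 0, []
    for kind, raw in collector.targets:
        url = urljoin(page_url, raw)  # resolve relative targets
        if urlsplit(url).scheme not in ("http", "https"):
            continue
        if on_brand(urlsplit(url).hostname):
            brand_links += 1
        else:
            off_brand.append((kind, url))
    page_ok = on_brand(urlsplit(page_url).hostname)
    # Borrowing the brand's real links while living elsewhere is the tell.
    return {"page_on_brand": page_ok, "brand_links": brand_links,
            "off_brand": off_brand, "lookalike": not page_ok and brand_links > 0}

# Constructed sample: item page and login form merged into one document.
SAMPLE_URL = "http://lookalike-host.example/item.html"
SAMPLE_HTML = """
<a href="https://www.ebay.com/fdbk/seller">Feedback score</a>
<a href="https://www.paypal.com/help">PayPal</a>
<a href="http://compromised.example/signin/">Buy It Now</a>
<form method="post" action="verify.php"><input name="userid"></form>
"""
```

The suffix test in `on_brand` requires a dot before the brand domain, so a host such as `ebay.com.compromised.example` is not mistaken for eBay.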
Don't let the latest new thing cloud your judgement when you're using the Internet. Always make certain you enter user credentials only on the website they belong to.