Phishing scam uses AOL address to target eBay users

Share this article:
Unknown phishers are using a widely recognized name, AOL, to disguise a false eBay sign-in site, according to the security research team at Fortinet.

The scam collects personal information that could put eBay users at risk for account or identity theft, the company said.

Scam emails, claiming to be from a member of eBay's security team, notify recipients that they have a security alert to resolve. The emails entice victims to click the AOLSearch link, which contains what appears to be an AOL URL address, in order to take action, according to Fortinet.

Following the phishing link takes the user to a site seeking personal information, thus putting the victim at risk of identity theft.

Phishing scams are hard to shut down because it's part of [scammers'] basic business model," said Derek Manky, Fortinet security research engineer.

"We don't have a clue who the originator [is],” he told SCMagazineUS.com. “[The phishing email] landed in one of our researcher's inbox."

Manky added that increasing user awareness is the best protection against social engineering attacks.

"In this case, email is a medium that should be treated as untrusted. Before following any links, users should always take careful consideration of the link, and they should never follow a third party's suggestion,” he said.

Fortinet said that “AOL is currently fixing this issue.”

An AOL representative could not be immediately reached for comment.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.