Fake eBay Confirmation Form

Following Bank of America phishing raid I described last week, a new attempt, probably crafted by the same e-crooks or at least based on the same modus operandi, targets this time the eBay® customers.

The unsolicited message asks the uninformed user to fill in a new mandatory "confirmation form", by following the link provided in the message body.

As you probably guessed, the link does not lead to the e-commerce Web site, but to a .com registered Web page imitating the appearance of the original site.

Phishers seek now to steal - via eBayISAPI1.php script - the following sensitive information: first and last name, complete address and phone number, e-mail address, birth date and SSN, but also eBay user ID and password plus credit/debit card details (card number, expiration date, CVC) including PIN.

For credibility proposes, the same pop-up window previously employed in Bank of America raid appears here too, with slight changes - such as the eBay name and (real) homepage towards which the duped users are automatically redirected after the alleged automatic log out.