Phishers get fancy with Lamborghini e-mail scam

Gee, I thought you were supposed to give something made of iron or wood on your sixth wedding anniversary, not a Lamborghini.

As I was shopping online last night for a gift for my husband, I received an e-mail from "bidconfirm @ebay.com" asking me to confirm or cancel my bid for a 2006 Lamborghini Roadster. My bid, according to the e-mail, was for US$339,950 (still a bit shy of my maximum bid of US$340,500, said the message, so I had room to comfortably up my price).

I was pretty sure I hadn't placed that bid. Granted, I do a lot of online shopping, but something tells me I'd remember this one - and since many of my colleagues received the same e-mail message it's safe to assume this was a phishing expedition.

At first blush this trick seems pretty stupid; who would actually hit the "confirm bid" button? Phishers usually send e-mail messages designed to lure unsuspecting recipients to a bogus Web site that is purported to be run by a source they trust so they'll enter sensitive or financial information. Who would fall for this obvious scam?

But I think the phisher in this case is actually quite smart. Since the e-mail contains options to confirm or cancel the bid, I bet there are plenty of e-mail users out there who are afraid that eBay some how got them mixed up with the real bidder and they will be responsible for paying $339,000 if they don't immediately click on the button to cancel the bid.

I didn't try it, but I'd wager my Toyota that clicking on either links in the Lamborghini e-mail would direct me to a bogus eBay Web site where a keylogging program waits in the background for me to enter my personal information.

While such phishing attempts may be obvious scams to some of us, there are people out there falling for them. The Anti-Phishing Working Group's latest report says there were 28,571 unique reports of phishing in June alone. These scams must be working to some degree; otherwise, the phishers wouldn't bother.

It's scary to think of how dangerous phishing can be, particularly as phishers come up with more complicated, intricate scams that infiltrate not only our e-mail inboxes, but also VoIP systems, IM communications, and even SMS text messages. Hopefully, a combination of better security technology, more stringent laws with significant penalties, and heightened consumer awareness will reduce the number of identity theft victims who are hooked by phishers.

In the meantime, my husband will have to settle for a less extravagant gift. Nothing says happy sixth anniversary better than a six-pack.

Join the newsletter!

Error: Please check your email address.

More about eBayToyota Motor Corp Aust

Show Comments

Market Place