Criminals are using a new twist in their efforts to defraud people online via phishing emails, and some victims suspect the fraudsters could be mining eBay user data, according to the BBC. We were alerted to the problem in this post on Komando.com which stated, “A new ransomware, which may be pulling your name and home address from your eBay account, takes phishing email scams to a new, terrifying level.”
eBay suffered a security breach in 2014 when hackers gained unauthorized access to a database of eBay users that included customer name, email address, physical address, phone number and date of birth, though there’s no indication that incident had anything to do with the current scam.
However, several victims told the BBC they were concerned that the criminals might have taken the data from their eBay user accounts, “as their postal addresses had been stored there in the same format as they appeared in the phishing emails.” eBay told the BBC that it works aggressively to protect customer data and privacy and said it wasn’t aware of any link between the new scam and eBay’s data.
The scam works as follows: victims click on a link in a phishing email, causing malware to be installed on their computers; “the malware encrypts victims’ files and demands a ransom be paid before they can be unlocked,” the BBC explained.
While many online sellers are aware of the dangers of phishing emails, they’re also inundated with email – from customer questions to transaction notifications – making them vulnerable to scammers as they try to keep up.
One way to make yourself less vulnerable to such ransomware scams: be sure to backup your computer files on a regular basis.