Phishing Expedition Angles For eBay Account Info
Cayam, a worm that poses as a message from eBay, tries to get users of the online auction site to divulge key personal information.
Another phishing expedition appeared on the Internet Thursday, this one dubbed W32/Cayam and aimed at eBay users.
Cayam, which poses as a message from eBay with a subject heading reading "Verify your eBay account information," actually contains a worm in its attached file. When that attachment is opened, the worm displays several legitimate-looking screens that ask the user to enter his or her eBay user ID and password, then complete a seemingly official form.
The form requests a host of personal and financial information, including the user's Social Security number, credit-card information, and bank checking account number.
The worm propagates by lifting addresses out of the target PC's copy of Microsoft Outlook and E-mailing copies of itself to others. It also can spread via the peer-to-peer Kazaa and eMule networks.
Phishing, a term used to describe malicious E-mail that poses as legitimate messages from major companies--usually with the intent to trick the recipient into disclosing personal or financial information--has been more aggressive this year than ever, according to mail filtering firm Postini. It tagged an increase in the potentially lucrative practice as one of its top 10 predictions for 2004.
Earlier this month, the Mimail worm created a stir by trying to fool users into giving up account information for eBay's electronic payment service, PayPal.
About the Author
You May Also Like