One bidorbuyer awoke yesterday to yet another phishing attack directed against South Africa’s largest online marketplace. He received an email message that looked like the real thing. In his own words, the message immediately plunged him into a state of anxiety.
The fake bidorbuy message warned him that he had violated site policies and urged him to click here in order to sort out the issue. The message also invited him to log in and start buying and selling on bidorbuy; find more information about buying on bidorbuy; find more information about selling on bidorbuy; and find more information about trading safely on bidorbuy.
All the words and phrases underlined here are links in the message under scrutiny. And all of them lead to the genuine bidorbuy site – except the click here link, which takes the user to a site that begins with http://r8833.infiniteserve. The other links included in the message (Home, My bidorbuy, Forum, Start Selling! and Help) are also a mixed lot, with all but the first one pointing to the real thing.
Included in the phishing message is a phone number, which differs in one digit only from the genuine bidorbuy customer support line.
The setup reveals the clever deviousness of the scammers. When a user receives the panicky-worded message, he may be prompted to first reach for the phone. Having no luck there, he may start clicking around on the links provided, scan the first two or three URLs, assure himself that all is fine, and then click on the fateful click here… which would take him to the fake site, http://r8833.infiniteserve. There, his bidorbuy details would fall into the hands of the criminals, who would either rob him of his money or rob other bidorbuyers in his name. Do note that the latter is as bad as the former: a bidorbuy user has the obligation to keep his bidorbuy login details safe and remains responsible for what goes on in his bidorbuy account.
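The check a mail filter or a careful reader can apply to this kind of message, as an added Python example that is not bidorbuy's own code: every link is judged on its own host, so a majority of genuine links cannot vouch for the one that is not, and phone numbers one digit away from the real support line are flagged. The trusted domain `bidorbuy.co.za`, the `phish.example` host and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "bidorbuy.co.za"  # assumption: the genuine site's domain
TRUSTED_PHONE = "0861880861"       # support line quoted in this article

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def is_trusted(href):
    # Exact domain or a true subdomain; "bidorbuy.co.za.evil.tld" does not pass.
    host = (urlsplit(href).hostname or "").lower()
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def off_domain_links(html):
    parser = LinkCollector()
    parser.feed(html)
    return [(text, href) for text, href in parser.links if not is_trusted(href)]

def lookalike_phones(text):
    """Numbers as long as the real line that differ from it in exactly one digit."""
    hits = []
    for match in re.findall(r"\b\d[\d ]{8,}\d\b", text):
        digits = match.replace(" ", "")
        if len(digits) == len(TRUSTED_PHONE) and \
           sum(a != b for a, b in zip(digits, TRUSTED_PHONE)) == 1:
            hits.append(match)
    return hits

# Constructed sample message: mostly genuine links, one lookalike phone number.
SAMPLE = """
<p>You have violated site policies. <a href="http://phish.example/login">click here</a>
or call 0861 88 0867.</p>
<p><a href="https://www.bidorbuy.co.za/">log in</a></p>
<a href="http://phish.example/">Home</a> <a href="https://www.bidorbuy.co.za/">My bidorbuy</a>
"""
```

On the sample, `off_domain_links(SAMPLE)` returns the click here and Home links, and `lookalike_phones(SAMPLE)` returns the altered number.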
The recipient of the phishing message was worried even though he was pretty sure he did nothing wrong. After all, he happens to be a seller who makes a living selling on bidorbuy and cannot afford to lose his verified status on the site.
Luckily, this seller did not give in to panic. Nor did he ask for clarification by pressing the “Reply” button (it would have taken him nowhere). Instead, he contacted the bidorbuy security team by writing to the address he knows and trusts, firstname.lastname@example.org. Our guys, of course, immediately saw through the scam.
If you receive a similar email, let us know by writing to email@example.com, so that we are aware of the scope of this phishing attack. Then delete the message. If you suspect that your bidorbuy account was compromised, write to firstname.lastname@example.org or call 0861 88 0861.
Here is a screenshot that will help you recognise this particular phishing attack at first sight. Do remember, however, that cyber-criminals change their strategy all the time, so keep abreast of new developments.