Phishers target South Africa's BidorBuy auction website

by Graham Cluley on February 21, 2011 | 2 Comments

Filed Under: Phishing, Spam

South African internet users should be on their guard as a wave of phishing emails have been spammed out pretending to be from the country's largest internet auction website.

Emails intercepted by Sophos pretend to be from BidorBuy, and claim that the recipient's account details have been stolen:

Bidorbuy phishing email

Attention! Your BidorBuy account was stolen!
This is a must to ensure that only you have access and use of your BidorBuy account and to ensure a safe BidorBuy experience.

You can well understand that people might be alarmed if they receive a message saying their account has been stolen - imagining that someone else might be purchasing goods in an online auction using their details.

Clicking on the link, however, doesn't take you to the real BidorBuy website but instead takes you to a phishing page set up on a Russian webserver.

It's worth everybody remembering that phishing gangs and cybercriminals don't just target users of multinational global brands such as eBay, PayPal and iTunes. They can also launch attacks targeted on local websites - hoping to make rich pickings if computer users aren't wary enough.

Tags: , , ,

2 Responses to Phishers target South Africa's BidorBuy auction website

  1. @MagicDude4Eva says:
    February 21, 2011 at 3:00 pm

    Phishing is a common problem across many ecommerce sites. At bidorbuy we have educated our users for the last few years about phishing scams via our blog and weekly newsletters - http://blog.bidorbuy.co.za/category/scams.

    Users of our site should know, that logins are always served via SSL and show the green bidorbuy logo in the address bar as we use Thawte Extended Verification SSL certificates.

    Our email is digitally signed via DKIM and DK and GMail/Yahoo will actually display that email is sent from a trusted sender (= bidorbuy).

    It would be great if security products and their email client plugins would honor and validate digital email certificates and half the phishing problem would be a non-issue. Google and Yahoo can do it, it's quite puzzling that your Security suites are not capable of marking forged email based on DKIM signatures.

    Reply Report comment
  2. T.Anne says:
    February 21, 2011 at 3:54 pm

    I've seen these types of emails too - I think it's wise for people (scared by the email or not) to go to the site directly, log in and see if they find anything. Clicking the link is always wrong - if it's legit, you'll see something when you log in directly.

    Reply Report comment

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <strike> <strong>

About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.