A new malware attack recently launched targets eBay users in particular. The way the attack works is by sending users e-mails with a link to an infected website, which instantly starts downloading spam and malware to your computer or mobile device.
The e-mail is from “eBay@reply1.ebay.com” that reads “Payment request form” in the subject line. Trusting the sender, many users opened the e-mail to find no text except an attached file called “form.html.”
“It’s a sneaky piece of social engineering on the behalf of the hackers,” one Sophros executive said. “Many people would be tempted to open the attachment to find out what on earth the email is about.”
If you were to open the attachment, your browser will immediately redirect you to a spam website for a Canadian pharmacy. While it looks like just another spammy website, there’s an iFrame hidden in the website that begins to download even more malware from third-party websites to infect your system.
Like other e-mail malware going around, there are a few ways to avoid infection. First of all, it’s important to be cautious when opening unsolicited e-mails. If you don’t trust the sender, or if the e-mail seems fishy, don’t download anything or click on any links. Other red flags include random attachments and lack of instructions or e-mail text.
Aside from just eBay, hackers use all kinds of subject lines and schemes to try to trick you into opening malicious attachments, so even if the e-mail is from a website you trust, be very careful when opening attachments or clicking on links.
(Via eSecurity Planet)