The biggest worry for people buying on an auction/e-commerce site is whether they will get their product or lose their money. There’s no doubt you’ve heard plenty of horror stories from buyers and sellers. Now, there is a new threat out there.
For the most part, buyer-seller transactions are on the up and up; however, hackers are taking advantage of that trust to lead buyers to dangerous sites.
What’s worse, if you click on one of these malicious links your computer could be infected by malware. Learn what danger signs to look out for and how to prevent becoming a hacking victim. Also, we have tips to keep you safe on retail sites in any situation.
Bogus ads and dangerous links
Major auction and e-commerce site eBay works to make sure all transactions stay on eBay. However, hackers are running a spam scam that could cause problems for your computer if you stray off the eBay path.
Researchers at Naked Security by Sophos spotted the spam. Here’s how it works: As soon as an item is listed, the hackers “scrape” its information to build a message providing positive information on the product, as well as offering “viral promotion services.”
The spam is, to the say the least, not very good. There are no spaces between words. Instead, there are coding characters. This is likely done to avoid text analysis.
Now, because eBay doesn’t allow links in messages in order to keep buyers on its site, the spammers embed an un-hyperlinked “ad” that features a URL. The URL is very short and when typed into a browser, users are redirected to various sites with more complicated URLs.
Each URL is tagged with the spammer’s affiliate code and they get a click-through fee any time it’s clicked. Playing cyber roulette, the researchers tried the spam many times on different browsers, times of the day and various countries. For the most part, the spams were harmless.
But then, bam! The spams occasionally also offered a free download. No surprise, it was malware. The researchers downloaded one that attempted to install a cryptocurrency miner. The cryptominer was set up to mine for someone else — users ended up paying for the electricity.
The unpredictability in pushing their malware makes it harder for the dangerous spammers to be found.
Danger signs and how to outsmart spammers
The original spammer has a URL with an HTTP link. With HTTP, it is easier for third parties to get in and modify replies and redirects. Make sure it’s an HTTPS link because it’s harder for third parties to alter the content you do see.
If the spammer has an easy to crack password, anyone can modify the redirection URL, opening you up to DNS hijacking. Changing your router settings will help you out of those situations.
Here’s what you can do to protect yourself from this type of spam:
- Don’t type in unsolicited links just to take a look.
- Run an anti-virus and web filtering tool that protects you from malware downloads as well as shady URLs.
- Report messages that look odd and have embedded messages to the service provider.
Of course, eBay is fertile ground for scammers — both on the buying and selling side. Komando.com offers these tips to keep you protected from scams found on eBay.
- Buyer damages or alters the item and demands a refund
- Fake eBay emails try to steal information
- The seller asks you to make a payment outside of eBay’s system
- Buyer overpays for an item
- The “Item not received” scam