The popularity of online auctions paves way for the development of online auction marketing tools. These tools are software applications that are intended to facilitate the sellers’ side of popular online auction websites. Some of the tools that help sellers in auctions are: image hosting to display galleries of their products, listing of best bidders in a single template, automatic inventory systems to notify sellers during low stocks, etc. With the help of these tools, online auctions are easier and time saving.
Phishing attacks targeting the brands of online auction and shopping websites are common. For better success rates, phishers are now trying alternate means to obtain the credentials of online auction customers by attacking legitimate brands providing auction-marketing tools.
Below is a phishing site that spoofs the branding of a leading auction marketing tools website:
Upon entering credentials onto the auction tools phishing site, the user will be asked for verification of the main online auction website, as in the above example. The phishing page states that the verification process is required to obtain a token for access of tools. The page states that if the user opts out of the token verification process, tools that enable the import of seller information, financial gains from shipping insurance, and the update of image-scrolling galleries of products, etc. will not be available to the user. A link is provided in the phishing page that states, “Verify your token.” Upon clicking the link, the page is redirected to the phishing page of the main auction website.
Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams:
- Do not click on suspicious links in emails.
- Check the URL of the website and make sure that it belongs to the brand.
- Type the domain name of your brand directly in your browser rather than following any link.
- Frequently update your security software, such as antivirus and antispyware.