$3m phishing scam nets 3,300 eBay employees
So, eBay. How’s your security?
Posted in Crime, 24th September 2010 00:03 GMT
Romanian authorities stated they have detained a man suspected of absconding with more than $3m by snaring 3,305 eBay employees in a spear phishing campaign last year.
Liviu Mihail Concioiu is under investigation for carrying out two phishing attacks that were directed solely at eBay employees, according to a press release (translation here) from Romania’s DIICOT agency. In the first, he netted user names and passwords for 1,784 employees and in the second he got another 1,521 employee credentials.
The suspect then used 417 of the stolen accounts to log in to eBay’s internal network, where, according to computer-forensics expert Gary Warner of the University of Alabama at Birmingham, he accessed details about high-value eBay customers.
With that information, Concioiu was able to fleece 1,183 eBay users of more than $3m. One of the reasons the scam was so successful, Warner said, was its extremely small footprint. The detailed information about high-value customers allowed him to fly under the radar of traditional phishing defenses because he sent out relatively few emails compared with more common phishing attacks.
To say the least, it’s a startling revelation that more than 3,300 eBay employees were tricked into turning over credentials to highly restricted parts of their company’s network. Over the past few years, the on-line auction house, along with its PayPal subsidiary and Skype VoIP service, has been a hotbed for fraud that can cost customers thousands of dollars, not to mention days, weeks or months to clear up. eBay’s common refrain is to warn users about the perils of phishing attacks, but evidently the company doesn’t take its own advice.
An eBay spokeswoman declined to say how this might have happened or whether the company has undertaken any new training programs to prevent something similar from happening again. She also would not say whether the 1,183 eBay customers have been compensated for their losses. Instead, she issued a statement that read:
“The Romanian authorities’ arrest of Liviu Mihail Concioiu and his conspirators is a great victory in the global fight against Internet fraud. eBay’s internal investigations team has been working closely with Romanian and U.S. law enforcement on this investigation since May of 2009, and we are confident that the evidence will link these individuals to a series of on-line attacks and organized criminal activity.”
Concioiu, who is also under suspicion for creating fake ATM cards for Italian banks and withdrawing more than 300,000 euros, was one of three people detained on Wednesday by DIICOT. ®
Details:
Submitted on Friday, September 24th, 2010 at 5:04 am in News by samantha
