Newegg Password Reset Scam Becoming Popular
McAfee Labs has detected a new strain of spam in the wild that is not only a sophisticated forgery of a Newegg purchase receipt, but also appears to be abusing Neweggs own password reset system to further the scam. The spam mail not only mimics the look and feel of a Newegg email, but also forges the RFC 821received headers to pretend that it originated from Newegg servers. The email contains an HTML attachment that uses obfuscated JavaScript to forward the victim to a domain which attempts to deliver fake anti-virus software or other malware to the recipient. Be sure to give a heads up to anyone that has a Newegg account!
The spammers are taking advantage of the password reset option on the Newegg website to generate an email to the victim announcing that a password reset is required. This ruse cannot be used to determine if an account exists because the Newegg site returns the same text if you request a password reset on an actual or nonexistent account. So directory harvesting does not appear to be the attackers goal. Neweggs password reset option is not protected by any sort of CAPTCHA authentication, so this process is probably being scripted as part of the spam campaign. The password reset request does not actually reset the password unless the recipient clicks on the email that is sent. In all likelihood this scam is designed to make the recipient anxious by suggesting an unauthorized individual has attempted to access the account.
Comments are closed.