eBay Insists Phishing Attempt Is Real?
from the that-seems-like-a-problem dept
We’ve heard how phishing scammers have gotten better and better at making their emails look legit — to the point that people are now often quite confused over whether an email is legitimate or a phishing attempt. The problem is worse for legitimate emails. While people generally can spot phishing attempts, they often think legitimate emails are actually from phishers. However, one group of people you would think would be able to tell the difference would be the abuse desk at a major company targeted by phishers. After all, that’s their job. Spotted on Digg, however, is a report from someone who claims he submitted what’s clearly a phishing email to the eBay abuse desk — only to be told by eBay that the email was real. The guy makes it pretty clear that the email was definitely a phishing attempt — and eBay just doesn’t seem to believe him, even though the site the email points to was hosted on a home network.
Comments on “eBay Insists Phishing Attempt Is Real?”
No Subject Given
It's 2 days since the user posted the details on his blog and many more since he must have warned ebay on email. But I can still see the spoof site on the net.
Take a look at it and see for yourself. This will give you some idea about difference b/w a spoof and the real site. And what lame emergency/defensive procedures ebay have. Or maybe their whole staff has taken a Christmas vacation?
From Richi’s blog: “However, if you’re determined to research it, understand that I cannot warrant that the site is malware free. Unless you agree that you take full responsibility for your actions, do not go to www(dot)ebaychristmas(dot)net.”
No Subject Given
The opposite is true as well. I had an email from Symantec that I was pretty sure was from them but wasn’t using the symantec.com domain name (symantecstore.com). I thought this was bad practice as legit emails should only come from Symantec.com not from anywhere else. Doing so made people more willing to accept ‘made up’ domain names.
The fun part is that they told me that it *was* a phishing email and to ignore it, when plainly it wasn’t.
Re: No Subject Given
The from: field may have been spoofed.
A scammer/spammer can pretty much make the from field say anything they want. Which is one more reason to be careful about opening attachments and giving personal info in e-mails.
A little too real...
Funny thing is they tried to make the site so accurate they even included: “Be sure the Web site address you see above starts with https://signin.ebay.co.uk/”
Also noted at ITBW
Also noted at Computerworld’s IT Blogwatch.
ebay has sort-of solved the phishing problem
Ebay uses an internal message system in the registered user’s account.
If the ebay email does not show up in the “messages” section of my account, I automatically send in a phish report. I’ve had a few that were sent by ebay “partners”, which ebay replied were legitimate, but as far as I’m concerned, if it claims to be related in any way to ebay, and doesn’t show in my messages list in my ebay account, it is NOT legitimate. period.
The Celtic Fiddler, violins and accessories.
Never use the links
People should never use the links included in the email message. Type the address in or use your bookmarks. It’s that simple.
Re: Never use the links
What we need is some kind of malware that rewrites people’s bookmarks
There's more to the story
This is the Richi Jennings from the article. There’s more to the story; it continues at http://www.richi.co.uk