eBay Insists Phishing Attempt Is Real?

from the that-seems-like-a-problem dept

We’ve heard how phishing scammers have gotten better and better at making their emails look legit — to the point that people are now often quite confused over whether an email is legitimate or a phishing attempt. The problem is worse for legitimate emails. While people generally can spot phishing attempts, they often think legitimate emails are actually from phishers. However, one group of people you would think would be able to tell the difference would be the abuse desk at a major company targeted by phishers. After all, that’s their job. Spotted on Digg, however, is a report from someone who claims he submitted what’s clearly a phishing email to the eBay abuse desk — only to be told by eBay that the email was real. The guy makes it pretty clear that the email was definitely a phishing attempt — and eBay just doesn’t seem to believe him, even though the site the email points to was hosted on a home network.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “eBay Insists Phishing Attempt Is Real?”

Subscribe: RSS Leave a comment
A Bismark says:

No Subject Given

Its 2 days since the user posted the details on his blog and many more since he must have warned ebay on email. But I can still see the spoof site on the net.
Take a look at it and see for yourself. This will give you some idea about difference b/w a spoof and the real site. And what lame emergency/defensive procedures ebay have. Or maybe their whole staff has taken a Christmas vacation ?
From Richi’s blog: “However, if you’re determined to research it, understand that I cannot warrant that the site is malware free. Unless you agree that you take full responsibility for your actions, do not go to www(dot)ebaychristmas(dot)net.”

Steve Hurcombe (user link) says:

No Subject Given

The opposite is true as well. I had an email from Symantec that I was pretty sure was from them but wasn’t using the symantec.com domain name (symantecstore.com). I thought this was bad practice as legit emails should only come from Symantec.com not from anywhere else. Doing so made people more willing to accept ‘made up’ domain names.
The fun part is that they told me that it *was* a phising email and to ignore it, when plainly it wasn’t.
Best regards

Howard (user link) says:

ebay has sort-of solved the phishing problem

Ebay uses an internal message system in the registered user’s account.

If the ebay email does not show up in the “messages” section of my account, I automatically send in a phish report. I’ve had a few that were send by ebay “partners”, which ebay replied were legitimate, but as far as I’m concerned, if it claims to be related in any way to ebay, and doesn’t show in my messages list in my ebay account, it is NOT legitimate. period.

The Celtic Fiddler, violins and accessories.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...