HideTechdirt is off for the long weekend! We'll be back with our regular posts tomorrow.
HideTechdirt is off for the long weekend! We'll be back with our regular posts tomorrow.

eBay Insists Phishing Attempt Is Real?

from the that-seems-like-a-problem dept

We've heard how phishing scammers have gotten better and better at making their emails look legit -- to the point that people are now often quite confused over whether an email is legitimate or a phishing attempt. The problem is worse for legitimate emails. While people generally can spot phishing attempts, they often think legitimate emails are actually from phishers. However, one group of people you would think would be able to tell the difference would be the abuse desk at a major company targeted by phishers. After all, that's their job. Spotted on Digg, however, is a report from someone who claims he submitted what's clearly a phishing email to the eBay abuse desk -- only to be told by eBay that the email was real. The guy makes it pretty clear that the email was definitely a phishing attempt -- and eBay just doesn't seem to believe him, even though the site the email points to was hosted on a home network.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    A Bismark, 5 Dec 2005 @ 1:42am

    No Subject Given

    Its 2 days since the user posted the details on his blog and many more since he must have warned ebay on email. But I can still see the spoof site on the net.
    Take a look at it and see for yourself. This will give you some idea about difference b/w a spoof and the real site. And what lame emergency/defensive procedures ebay have. Or maybe their whole staff has taken a Christmas vacation ?
    From Richi's blog: "However, if you're determined to research it, understand that I cannot warrant that the site is malware free. Unless you agree that you take full responsibility for your actions, do not go to www(dot)ebaychristmas(dot)net."

    reply to this | link to this | view in chronology ]

  • identicon
    Steve Hurcombe, 5 Dec 2005 @ 2:23am

    No Subject Given

    Hi,
    The opposite is true as well. I had an email from Symantec that I was pretty sure was from them but wasn't using the symantec.com domain name (symantecstore.com). I thought this was bad practice as legit emails should only come from Symantec.com not from anywhere else. Doing so made people more willing to accept 'made up' domain names.
    The fun part is that they told me that it *was* a phising email and to ignore it, when plainly it wasn't.
    Best regards
    Steve

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Dec 2005 @ 5:34am

      Re: No Subject Given

      The from: field may have been spoofed.

      A scammer/spammer can pretty much make the from field say anythimg they want. Which is one more reason to be careful about opening attachments and giving personal info in e-mails.

      reply to this | link to this | view in chronology ]

  • identicon
    RedStarFire, 5 Dec 2005 @ 4:04am

    A little too real...

    Funny thing is they tried to make the site so accurate they even included: "Be sure the Web site address you see above starts with https://signin.ebay.co.uk/"

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Dec 2005 @ 5:53am

    Also noted at ITBW

    Also noted at Computerworld's IT Blogwatch.

    reply to this | link to this | view in chronology ]

  • identicon
    Howard, 5 Dec 2005 @ 6:26am

    ebay has sort-of solved the phishing problem

    Ebay uses an internal message system in the registered user's account.

    If the ebay email does not show up in the "messages" section of my account, I automatically send in a phish report. I've had a few that were send by ebay "partners", which ebay replied were legitimate, but as far as I'm concerned, if it claims to be related in any way to ebay, and doesn't show in my messages list in my ebay account, it is NOT legitimate. period.
    --
    The Celtic Fiddler, violins and accessories.

    reply to this | link to this | view in chronology ]

  • identicon
    Rusty, 5 Dec 2005 @ 11:41am

    Never use the links

    People should never use the links included in the email message. Type the address in or use your bookmarks. It's that simple.

    reply to this | link to this | view in chronology ]

  • identicon
    Richi Jennings, 7 Dec 2005 @ 4:48pm

    There's more to the story

    This is the Richi Jennings from the article. There's more to the story; it continues at www.richi.co.uk

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.