Thursday, March 24, 2005

eBay Phishing emails

There’s a good chance you get them too: phishing emails. These spoofs imitate legitimate email sent by some of the Internet’s powerhouses like eBay and Amazon, with the sole purpose of getting the recipient to surrender financial details like credit cards and defrauding them for all they’re worth. Visually these HTML emails are practically indistinguishable from the real thing.

So far, nothing new, they’ve been around for a long time. I’ve been getting email spoofs from a sender who calls himself Safe Harbor on a daily basis for months now (subject: Verify your eBay-account now!). Like a good boy, I’ve been reporting these emails by forwarding them to Invariably two things happen:

I get a email back from them (subject: Your mail to eBay UK Customer Support):


Thank you for contacting eBay about an E-Mail you received that appears as though it is an authentic E-Mail from eBay. We will investigate this situation immediately.Please be advised that there have been cases where people have attempted to gain access to an eBay member's personal information by sending "spoof" E-Mails. Spoof E-Mails intentionally give the false impression that they have been sent by eBay to solicit people to transmit their account information.

[etc, etc]

Next (a couple of minutes later) (subject: RE: EU91011 SPG - Your recent report to eBay's Trust and Safety Department)


Thank you for contacting eBay's Trust and Safety Department about email solicitations that are falsely made to appear to have come from eBay or PayPal. These emails, commonly referred to as "spoof" messages, are sent in an attempt to collect sensitive personal information from recipients who reply to the message or click on a link to a Web page requesting this information. The email you reported did not originate from, nor is it endorsed by, eBay or PayPal. We are very concerned about this problem (note: bold by me) and are working diligently to address the situation. We are currently investigating the source of this email to take further action. You may rest assured that your account standing has not changed and that your listings have not been affected.

[etc, etc]

OK, that’s all fine and dandy, but regarding Safe Harbor I must have received 20 or more of these “sets” of emails. What doesn’t go away though is the phishing emails themselves. It’s probably not easy to track these guys and shut them up but it doesn’t look to me as if they’re trying all that hard…
We are very concerned indeed.


Post a Comment

<< Home