Poorly Trained eBay Anti-Fraud Employees Tell eBay Customer to Visit Phish Site

[mandy]

I reported a phishing attack last week. Nothing new there.

A scammer put up a fake eBay site and sent spam encouraging people to go there. Predictably, it prompted for the user's eBay username and password. Both the email and the website were very credible-looking. Nothing new there, either.

Naturally, I reported the attack to spoof@ebay.com, expecting them to work with the host of the fake website to take it down quickly. Three days later, I received a reply, basically telling me I'm an idiot because this email was in fact sent by eBay...

full article: http://richi.co.uk/blog/2005/12/ebays-an...sucks.html

[mandy]

Infoworld picked up this story:

On Monday, an eBay spokeswoman confirmed that the e-mail message was indeed part of a fraud, but she could not explain why it had initially been identified as legitimate. "I don't know the answer to that," said spokeswoman Amanda Pires. "I'm assuming right now it was just an error."

full article: http://www.infoworld.com/article/05/12/0...source=rss&url=http://www.infoworld.com/article/05/12/05/HNebaytricked_1.html

[xppman]

"I don't know the answer to that," said spokeswoman Amanda Pires. "I'm assuming right now it was just an error."

[mandy]

Another related article on this phishing email:

Phishers Slip Through Web Loopholes

As shown by a recent attempt on customers of online auctioneer eBay, phishers can still cause serious headaches despite increasing consumer awareness. 

Despite the continued efforts of researchers, security providers and online businesses to discourage phishing schemes and shut down related Web sites, some criminals are still able to flout the system and find ways to keep their illicit operations up and running.

An example of one type of phishing attempt that still manages to frustrate do-gooders appeared online in early November, in the form of a Christmas-themed Web site that mimics the name, look and feel of online auctioneer eBay Inc...

full article: http://www.eweek.com/article2/0,1895,1897025,00.asp

[richi]

This is the Richi Jennings from the article. There's more to the story; it continues at www.richi.co.uk

[bargainbloodhound]

Hi Richi 

I'm glad that the publicity forced eBay and Verisign to put a little more effort into getting the site taken down.  Its amazing what a little bad press can accomplish with some of these companies.

I think part of the responsibility for the current severity of the phishing/spoof problem lies with the often slow response times of the companies that are spoofed.

The first phishing site I ever saw was about 4 1/2 years ago:  someone had spoofed an AOL account page and was using a free home page on Tripod to host it and after the people entered their info (the page requested credit card numbers, drivers licenses, social security #'s, etc) an emailer sent the info to a hotmail account.  I reported the site to Tripod, AOL, and HotMail.  It took Tripod over 3 weeks (and several emails from me and others) to take the site down.  I never did get any response to any of my emails from AOL.