EBay Spam and Phishing attacks are continuing to flood my email, about 2-3 per day and of course and equal number from PayPal. Now I know these are not legitimate because I have not signed up for service at either company (is it possible for someone to do so by proxy – they have my name, address, telephone number and possibly lots more – I ll check it out). Here is another example of the dozens of different attack emails:
Now I have said it before but it bears repeating – Brand = Trust. In his book, The Paradox of Choice – Why More Is Less, Barry Schwartz describes the increasing complexity in the stream of life decisions. One of the coping mechanisms Schwartz underlines is consumers identification and use of trusted brands in making a broad array of buying decisions. Campbells delivered a delicious soup just as they said they would – its a bit more in price but great in convenience I will try their new Chunky meals.
Nowhere is brand more paramount than in the field of financial transactions … the last thing you want to discover is that your insurance company has been hiding behind dense legalese when crunch time comes. Or I sure expect eBay to protect my transactions and make for a safe and trusted environ for all my buyers and suppliers. Ohhhh ….. they too are getting a dozen or more spam/phishing messages per week. Hmm not Good.
Why eBay May Tolerate Ruinous Attacks on Its Brand
I have to put the shoe on the other foot and ask why eBay might be willing to accept what appears to be fierce attacks on its brand name. First, what appears to be ruinous attacks to me may just be in the wide sphere of things at eBay just low level noise. eBay may be tracking/surveying its current and potential customers and finding the levels “acceptable”. But a sampling of colleagues would seem to belie this rosy picture.
So then consider the opposite tack – impotence. eBay can do nothing because the spammers and phishers hide behind international boundaries and constantly shifting websites. These are technically and legally sophisticated attacks; but not insurmountable given what EDI and other financial information exchange organizations have had to deal with.
Another viewpoint is sabotage. What better way to attack the leaders in the industry, eBay and PayPal, then to invest in a little disturbance and snafu brand attacks in the market. Do nothing, look the other way may be sufficient; but a little malfeasance is not out of the question. Given the amateur nature of some of the phishing lures one has to wonder whether there may be third parties with the ulterior motive of damaging the eBay/PayPal brands.
Finally, there is the fragility, downright awkward, if not juvenile, state of security, privacy plus identity standards and practices. eBay management may be satisficing, doing just good enough or taking the high road – do nothing and Waiting for Godot. Whatever the reasoning, I am a)bypassing the pleasures/hazards of eBay/PayPal and b) hunkering down for a long brewing storm in the overlapping worlds of security, privacy and identity. I hope to have maintained the latter out on the other side.
(c)JBSurveyer 2006