It's only proper that on Stupor Bowl weekend we get another example of eBay Phishing Phumbilitis. It appears the executive suite at eBay just does not get it – by not immediately shutting down the Phishers they are setting up a tremendous set of liabilities:
a) all members and non-members that get duped by eBay phishers and then get hoodwinked and hacked out of various sums of money are going to be looking for a tort target – and the bullseye is going to be on eBay;
b) traffic at eBay is going to suffer sooner rather than later as customers think twice about doing transactions on a company that appears to be so open to phishing attacks …. and from my point of view appears to be doing so little about it;
c) the eCommerce community from Amazon through to the Wall Street Journal are not going to be too happy about their franchises being endangered by eBay and other institutions being apparently so lackadaisical about phishing attacks.
“Lackadaisical? Hummph, hummph .. .. we are doing all the right things”. That is essentially the response I have gotten from eBay since my previous note on eBay's vulnerability to phishing attack.
Not From this Viewpoint: We See Phishing Phumbilitis from eBay
All we see here is a continuing stream of phishing exploits in various eBay eMail guises arriving in our mailbox – now 3-5 times per week. Now we are doing our part and forwarding the phishing attacks to email@example.com as soon as possible. Occasionally we get an automated response – but no updated briefing of what eBay is doing to curtail the emails.
And recently even sending in notification to spoof@eBay.com has become more involved. Here is the message we got back from eBay's Safe Harbor team:
ALERT: Your email has not been received by eBay.
We reserve the firstname.lastname@example.org email address for handling reports of
Websites that have been set up to impersonate eBay. In order to
investigate these reports in a timely manner and provide help to members
who have been affected by this type of activity, we only accept emails
that are forwarded to this address.
If you received this message after attempting to report an email that
appears to have come from eBay but actually directs you to another site,
you must forward the message to us again by using the forward function
of your email program. Make certain that email@example.com is in the “to”
field. Do not alter the subject line, add text to your message or
forward the email as an attachment.
To help our members better protect themselves from spoof Web sites, we
have developed a new feature for the eBay Toolbar called “Account
Guard.” Account Guard includes an indicator of when you are on an eBay
or PayPal Website, buttons to report fake eBay Websites, and a password
notification feature that warns you when you may be entering your eBay
password into an unverified site. To learn more about the eBay Toolbar
with Account Guard, open a new browser and type
www.ebay.com/ebay_toolbar into the address bar. Note that eBay will
never send you an email that includes a download as an attachment or a
link that goes to a page with a download.
eBay also recommends that you ensure that your Web browser, operating
system, and virus protection software are up to date. Check for updates
at the “Windows Update” link on www.microsoft.com and scan your computer
for viruses often.
If you have any other concerns, please use our Help system by clicking
on “help” at the top of the eBay home page.
**Please do not respond to this email, as your reply will not be
eBay SafeHarbor Team
Now I am trying to help by alerting eBay within 10-20 seconds of receiving the spoof emails sometimes. These should be very valuable to the spoof team because the Phishing sites only stay up for 1-5 hours or even less. So the idea is to trap the Phishers – and then act upon the Net providers as well as the perpetrators. But currently eBay is worrying whether the spoof eMail is forwarded or replied to .. or maybe this is the phishers in action. The problem is God Knows … and that is the problem. eBay is leaving the Phishers in control. Not good.