Wednesday, January 11, 2006

More Phishing in the Sea

I get about a dozen phishing e-mails every day (though my spam filter gets most of them before I see them), but I actually almost got taken by a particularly fiendish one today.

This one's fiendish because, rather than using fake requests to verify your account information—something eBay never does—this message perfectly mimics the queries for information that every eBay seller receives at some point. (Actually, it's almost perfect; it doesn't provide the title of the listing the fictitious user is supposedly interested in, nor does it include your name and eBay ID in the really fine print.) The user question is vague, but no more vague than typical user questions.

In short, the phisher slides past your guard because it's identical to messages that eBay sellers see all the time. I was just a mouse click away from logging in to the fake eBay screen when something made me look at the original message again, then at the URL in the title bar.

Fiendishly (or should I say, phiendishly) cunning. From now on, I'm not clicking on the convenient "Respond Now" button in e-mail queries from eBay bidders.


