Tuesday, March 08, 2005
Phishing - easy to be caught out
I got an email this morning that may or may not be someone phishing for my ebay account details. apparently my account has been suspended due to incomplete or false information. this is news to me, and obviously being a law-abiding citizen I want to make sure I'm not breaking any rules. so I go to click on the link in the email that promises to take me to a verification page. but wait a minute. why does this email come from ebay.com, and not ebay.co.uk, where I do my buying & selling? why does it not refer to me by name, which obviously ebay know? why does it not tell me exactly what the problem is? how come, when I log in to ebay (not using the link in the email) I don't have any messages waiting for me to tell me of the same problem?
if this is a genuine email from eBay, it's sloppy, and they need to work on their own trust and safety policies before commenting on mine. if it's an attempt to phish for my account details, it nearly worked. worrying.
I'm waiting for a response from ebay to tell me if this email is genuine or not.
UPDATE: eBay tell me it's a spoof email, which really worries me because it does look very genuine, and I can't see that the links take me anywhere other than to the official eBay page. so either it's a VERY good phish, or a very bad one...
I got an email this morning that may or may not be someone phishing for my ebay account details. apparently my account has been suspended due to incomplete or false information. this is news to me, and obviously being a law-abiding citizen I want to make sure I'm not breaking any rules. so I go to click on the link in the email that promises to take me to a verification page. but wait a minute. why does this email come from ebay.com, and not ebay.co.uk, where I do my buying & selling? why does it not refer to me by name, which obviously ebay know? why does it not tell me exactly what the problem is? how come, when I log in to ebay (not using the link in the email) I don't have any messages waiting for me to tell me of the same problem?
if this is a genuine email from eBay, it's sloppy, and they need to work on their own trust and safety policies before commenting on mine. if it's an attempt to phish for my account details, it nearly worked. worrying.
I'm waiting for a response from ebay to tell me if this email is genuine or not.
UPDATE: eBay tell me it's a spoof email, which really worries me because it does look very genuine, and I can't see that the links take me anywhere other than to the official eBay page. so either it's a VERY good phish, or a very bad one...
Comments:
``I can't see that the links take me anywhere other than to the official eBay page."
Maybe you were subject to a unicode hack...
It is probably best to explain by example:
http://www.ebаy.com/
displays as:
http://www.ebаy.com/
in your browser.
Try comparing
http://www.ebay.com/
http://www.ebаy.com/ (unicode hack)
Can you tell the difference?
Thought not.
For more details see: http://tinyurl.com/4a625 http://tinyurl.com/5dllv http://tinyurl.com/56bv6
Post a Comment
Maybe you were subject to a unicode hack...
It is probably best to explain by example:
http://www.ebаy.com/
displays as:
http://www.ebаy.com/
in your browser.
Try comparing
http://www.ebay.com/
http://www.ebаy.com/ (unicode hack)
Can you tell the difference?
Thought not.
For more details see: http://tinyurl.com/4a625 http://tinyurl.com/5dllv http://tinyurl.com/56bv6
(c) 2003-2005 Russell Beale
Atom
RSS