Sunday, April 09, 2006

Phishy E-Mails from eBay/PayPal are at a Record High

Phishy e-mails claiming to be from eBay and PayPal seem to be coming into my inbox and bulk mail at record rates. My spam filter used to catch most of them, but now many of them are making their way past it.

Normally, the intent of these e-mails is to steal personal and financial information. Quite often, the stolen information is also used to "take over" legitimate sites and sell bogus or nonexistent merchandise.

Please note that auction fraud isn't exclusive to eBay and PayPal. In fact, the auction business is booming and many new auction sites are being launched. I have no doubt the "Phishermen" will target all of them. Phishing is becoming extremely organized and highly profitable for criminals, and they intentionally target whatever is popular or sells.

I sometimes wonder if they don't hire "marketing experts"?

Here is something I read this morning from Ina Steiner at Auction Bytes:

PayPal Director of Corporate Communications Amanda Pires said spoofing is an issue PayPal takes very seriously. She could not reveal exact details about what PayPal was doing to fight phishing, but claimed the company is leading the industry with innovative technology and resources dedicated to fighting spoof. "PayPal and eBay employ a dedicated team that focuses just on the spoof issue. Additionally, every second of every day and on every single transaction, PayPal applies its advanced proprietary fraud detection techniques and tools to detect fraudulent activity."

According to Rich Miller, an analyst with Netcraft Ltd., a company that provides security services related to phishing (http://www.netcraft.com/), eBay and PayPal are two of the most frequently targeted companies for phishing schemes. Miller said the best way for such companies to communicate with users is through dedicated message areas users access after they log-in to the company's site. He said the next best advice for users to avoid becoming victims of phishing schemes is to refrain from clicking on links in emails that lead to log-in pages.

Miller said phishing emails create a sense of urgency. In the early days, typos were often a sign of a phishing email, he said, but phishers have cleaned up their spelling over the years. "Phishers will test social engineering tricks," he said. "If it works, they put the additional effort into refining it. They will spend time to make it look legitimate. The people doing it are professionals."

Full story here.
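The two cues Miller describes above, links that lead straight to a log-in page and wording that manufactures urgency, plus the "masked address" trick where a link's visible text shows one site while its href points at another, can all be checked mechanically before anyone clicks. The following script is an added example written for this post; it is not code from Auction Bytes, Netcraft, PayPal or eBay. It parses an HTML mail body with Python's standard library, and the sample message, the TRUSTED_HOSTS allow-list, the LOGIN_HINTS and URGENCY_PHRASES lists and the two-label registrable_host() shortcut are all assumptions constructed for the demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allow-list: the brands this mailbox actually expects mail from.
TRUSTED_HOSTS = {"paypal.com", "ebay.com"}
# Path fragments suggesting the link lands on a log-in or account-update page.
LOGIN_HINTS = ("login", "signin", "verify", "update", "confirm")
# Phrases that manufacture urgency, the social-engineering cue Miller describes.
URGENCY_PHRASES = ("within 24 hours", "suspended", "immediately",
                   "limited", "unusual activity")
# Something that looks like a host name inside a link's visible text.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

# Constructed sample: a look-alike host whose visible text shows the real brand.
SAMPLE_EMAIL = """<html><body>
<p>Dear PayPal member,</p>
<p>Your account will be <b>suspended within 24 hours</b> unless you confirm your details.</p>
<p><a href="http://paypal.com.account-verify.example/cgi-bin/login">https://www.paypal.com/cgi-bin/webscr</a></p>
<p>Read our <a href="https://www.paypal.com/help">help pages</a>.</p>
</body></html>"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element, plus all body text."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.text = []            # every text node, used for the urgency scan
        self._href = None
        self._anchor_text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._anchor_text = []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor_text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor_text).strip()))
            self._href = None


def registrable_host(url):
    """Last two labels of the host name (a simplification: it ignores public-suffix
    rules such as co.uk, which a production checker would consult)."""
    host = (urlparse(url).hostname or "").lower()
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def assess_link(href, text):
    """Return the list of reasons a link looks phishy; an empty list means none found."""
    reasons = []
    href_host = registrable_host(href)
    shown = DOMAIN_RE.search(text)
    if shown:
        shown_host = registrable_host("http://" + shown.group(0))
        if shown_host != href_host:
            reasons.append(f"text shows {shown_host} but link goes to {href_host}")
    if href_host not in TRUSTED_HOSTS:
        reasons.append(f"host {href_host} is not an expected sender domain")
    path = urlparse(href).path.lower()
    if any(hint in path for hint in LOGIN_HINTS):
        reasons.append("link leads straight to a log-in/account page")
    return reasons


def analyze_email(html):
    """Parse an HTML mail body; return per-link findings and the urgency cues seen."""
    collector = LinkCollector()
    collector.feed(html)
    body = " ".join(collector.text).lower()
    return {
        "links": [(href, text, assess_link(href, text)) for href, text in collector.links],
        "urgency": [phrase for phrase in URGENCY_PHRASES if phrase in body],
    }


if __name__ == "__main__":
    report = analyze_email(SAMPLE_EMAIL)
    for href, text, reasons in report["links"]:
        print(f"{href!r} shown as {text!r}: {reasons or 'ok'}")
    print("urgency cues:", report["urgency"])
```

The first link in the sample trips all three checks (display text names paypal.com while the href goes to a look-alike host, that host is not on the allow-list, and the path is a log-in page); the genuine help link trips none. In practice the allow-list is the part to keep current, and the two-label host shortcut should be replaced with a public-suffix lookup before relying on it.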

The best way to defeat the Phishermen is through awareness, and by having those who are aware report the attempts they spot.

The Phishing Incident Reporting and Termination Squad (PIRT) is one place the "aware" can report these scams. The Anti-Phishing Working Group is another place to report "phishy e-mails" and is also a great place to become more aware.

There are also a lot of other fraudulent schemes on auction sites besides "phishing." Unfortunately, in order to be safe doing business on them, becoming aware of all of them is probably a wise idea. Here are some previous posts I've done relevant to the other schemes:

eBay Fraud from a Personal Standpoint

Counterfeit Travelers Express (MoneyGram) Money Orders Showing Up ...

eBay Fraud Buster

Hard Drives for Nigeria

XBox Latest Lure in Auction Scams

6 comments:

Anonymous said...

I'm actually getting a LOT of Chase phish mail. I used to get a bunch of other banks (for places like Bank of the West that I've never heard of) phish and it typically got caught by my ISP's spam blocker. But I get stuff from Chase that isn't blocked, and a lot more that is. Makes me wonder if Chase didn't piss off someone to make them phish in their name.

Oh yeah, and some of the Chase stuff is pretty good quality, offering $20 for a survey, etc.

Ed Dickson said...

Agreed. I also have seen a ton of phishy e-mails that I confirmed as phish from Chase.

Chris Wagoner said...

You may want to check out Spoofstick, a small toolbar that runs in IE and Firefox, and tells you the real address of a web site you are on. Helps in spotting these types of web pages, even with a masked address. Very cool, useful little program.

Anonymous said...

If you use ClamAV/ClamWin, you can use Unofficial Phishing Signatures:

http://www.sanesecurity.com/clamav

Anonymous said...

Internet Explorer 7 has embedded detection of phishing.

http://www.microsoft.com/windows/IE/ie7/default.mspx