"At first those e-mails were a joke with the misspellings and mistakes," said Mr. Alofs about the phishes he received a couple of years ago, when the practice was relatively new. "Now with the copyright statements and the logos, they look so real. I don't know how you'll ever tell them apart."
For eBay, phishers are more than just an expensive irritation. EBay is among the five companies most frequently targeted by phishers, according to David Jevans, chairman of the Anti-Phishing Working Group, an industry association that includes eBay. Like phishers who go after customers of credit card issuers, those who target eBay users sometimes try to capture credit card numbers as well as general personal information.
"EBay is purely virtual," Mr. Jevans said. "They live or die by e-mail."
EBay is reluctant to discuss its security measures, but the company has taken three steps recently. A few months ago, it began offering users of Windows-based computers a free toolbar that flashes a warning when a browser is pointed toward what it believes to be a fraudulent Web site.
And eBay offers unique attractions for criminals, as Mr. Alofs's case shows. Many buyers will purchase expensive goods such as coins only from sellers with high ratings from previous customers through an online evaluation system. Mr. Jevans and others say that when phishers are able to take over accounts with high approval ratings, they use them to sell nonexistent or stolen goods.
Tuesday, March 08, 2005
[HCI-sec] NYTimes on EBay Phishing
NYTimes has an article about some of the impacts of phishing on EBay, and how EBay is fighting back.