Friday, May 20, 2005

Beware of Your Email

I received a suspicious email at home yesterday. It claimed to be from eBay, saying that they’d detected some suspicious transactions on my account, so I should check the account and possibly update my password. The message included eBay logos and links to eBay’s home page and fraud pages. It also included a direct link to the page where I could update my account info.

The dead giveaway for me, of course, was that I don’t have an eBay account. A closer look at the header showed that the message wasn’t even addressed to me; it went to a private mailing list I’m on and got forwarded to me. There was definitely someone trying to get access to my (non-existent) eBay account, and it was the sender of this "warning". The sender was "phishing" for information they could use to steal money from me, and this message was the bait. You can get the gory details of phishing online if you want to get technical, but the moral of the story is never trust email from a corporate entity, even if you do business with them; the email may be a counterfeit from someone else.

As I said, the trick message was full of links to pages on eBay’s site, but there’s no way to be sure how many were genuine. I certainly wasn’t going to click any of them to find out the hard way. The direct link to the "account maintenance" page was undoubtedly a trap that went somewhere other than eBay, but some of the others might have been genuine links to eBay pages, just to keep innocent victims like me guessing.

As I said, I wasn’t going to click any of those links to test them. Any or all of them might have led to a programmed "exploit page" designed to quietly install evil programs on my computer. Those programs might generate more evil email or host evil web pages on my own computer designed to steal information from others, quietly sending the stolen information to some criminal in a distant land.

eBay does take this kind of thing seriously (as do PayPal and assorted banks that have internet banking facilities), so a quick visit to eBay’s website (by directly typing www.ebay.com in my browser rather than following any of those evil links) quickly turned up an abuse address to which I forwarded the message. I don’t know if it will be possible to track down the scumbags who sent it to me, but hopefully they’ll be able to use the information to break up at least part of the criminal network sending them.

It’s possible to do business online safely, but vigilance is definitely needed. Criminals impersonate reputable corporations to rob you, so you need to view any unsolicited message that lands in your mailbox with skepticism. It can save your money, your credit rating, and possibly your reputation.

This post will appear in the Skeptic's Circle of Thursday, May 26th, hosted by Saint Nate.

3 comments:

Anonymous said...

"As I said, the trick message was full of links to pages on eBay’s site, but there’s no way to be sure how many were genuine. I certainly wasn’t going to click any of them to find out the hard way. The direct link to the "account maintenance" page was undoubtedly a trap that went somewhere other than eBay, but some of the others might have been genuine links to eBay pages, just to keep innocent victims like me guessing."

They make the links look like they take you to PayPal, eBay or whatever, by writing a correct PayPal, eBay etc. link inside the anchor tag; however, the link takes you to the wrong place - example:
fake link to company site

You were undoubtedly aware of this, but I just thought I should explain it to the readers.

Lord Runolfr said...

Indeed, as Kristjan said, you may see a URL in the email that looks like http://www.financialsite.com/maintain_account.html.

But it only looks like a good link. It will actually go somewhere entirely different, a page on someone else's hijacked server that hosts a page that looks very much like a page you would see at "financialsite", but actually sends any information you provide to a criminal database.
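The trick the two comments above describe (anchor text that shows one address while the href points somewhere else) is easy to check for mechanically. The following is an added example, not code from the post or its commenters: it pulls every anchor out of a message's HTML and flags those whose visible text names a different host than the link actually goes to. The sample message and its domain names are constructed placeholders.

```javascript
// Extract (href, visible text) pairs from simple HTML with a regex.
// Assumption: anchors are plain <a href="..."> ... </a> with no nested anchors.
function extractAnchors(html) {
  const re = /<a\s+[^>]*href\s*=\s*["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/gi;
  const anchors = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    // Drop any inner markup (e.g. <b>) so only the text the reader sees remains.
    const text = m[2].replace(/<[^>]+>/g, '').trim();
    anchors.push({ href: m[1], text });
  }
  return anchors;
}

// Hostname of a URL-looking string, or null if the string is not a URL at all.
function hostOf(s) {
  try {
    return new URL(s).hostname.toLowerCase();
  } catch (e) {
    return null;
  }
}

// Anchors whose visible text looks like a URL on one host while the href
// actually points at another host. Plain-word link text is left alone.
function findMismatchedLinks(html) {
  return extractAnchors(html).filter(({ href, text }) => {
    const shown = hostOf(text);
    const actual = hostOf(href);
    return shown !== null && actual !== null && shown !== actual;
  });
}

// Constructed sample in the style of the message described in the post.
const SAMPLE_MAIL = `
<p>We detected suspicious activity on your account.</p>
<a href="https://www.example.com/">https://www.example.com/</a><br>
<a href="http://account-update.example.net/login">http://www.example.com/maintain_account.html</a><br>
<a href="https://www.example.com/help">Help pages</a>
`;

for (const a of findMismatchedLinks(SAMPLE_MAIL)) {
  console.log(`link shows "${a.text}" but actually goes to ${a.href}`);
}
```

Only the second anchor is reported: its text claims the company's own site while its href leads to an unrelated host, which is exactly the pattern a phishing message relies on.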

Anonymous said...

Hi, it is liz from I speak of dreams.

Skipped over from Nate's. I forward ALL mail from eBay or PayPal to /spoof at ebay dot com/ or /spoof at paypal dot com/ -- the long headings version. I'm running about 100 spoofs to 1 real now.

If it is fake I get a pretty immediate "it is fake" response.