February 25, 2003

Thievery masquerading as help

I get an email from eBay with the subject “Please Update Your Ebay.com Account” and right away I’m suspicious. I haven’t bought anything off eBay or half.com in a couple months, and this email is telling me that ‘Recently we attempted to authorize payment from your credit card….’

While little details look legitimate (copyright notice at the bottom), there are telltale signs that it's a fake. Superficially, the 'Subject:' line is misspelled as 'Eaby Updates <webmaster@ebay.com>'. Digging a little deeper, while the link as displayed in the browser looks legit (with the familiar 'eBayISAPI.dll' path), a quick hover and/or message source view shows that it's using the sneaky 'http://fooblah@an.ip.addr.ess/...' syntax. Bastards.
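The hover check described above can be automated for an HTML message body. This is an added example, not part of the original post: the names `LinkCollector`, `safe`, `link_findings` and `scan_html` are hypothetical, and the sample message is constructed with a documentation-range IP address.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def safe(fn, value):  # call a parser, returning None instead of raising
    try:
        return fn(value)
    except ValueError:
        return None

def link_findings(href, text):
    url = safe(urlsplit, href) or urlsplit("")
    host, findings = url.hostname or "", []
    if url.username is not None:  # text before '@' is userinfo, not the site
        findings.append("userinfo-before-host")
    if safe(ipaddress.ip_address, host) is not None:
        findings.append("ip-literal-host")
    shown = safe(urlsplit, text if "://" in text else "//" + text)
    shown_host = (shown.hostname or "") if shown else ""
    if len(text.split()) == 1 and "." in shown_host and shown_host != host:
        findings.append("display-host-mismatch")
    return findings

def scan_html(body):
    parser = LinkCollector()
    parser.feed(body)
    parser.close()
    return [(h, why) for h, t in parser.links if (why := link_findings(h, t))]

# Constructed sample body (192.0.2.0/24 is reserved for documentation).
SAMPLE = ('<p><a href="http://fooblah@192.0.2.10/eBayISAPI.dll">'
          'http://www.ebay.com/eBayISAPI.dll</a> or see '
          '<a href="http://www.example.com/help">our help page</a>.</p>')
```

`scan_html(SAMPLE)` returns only the first link, with all three findings; the ordinary link is not reported.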

I'm a little surprised this isn't given more (any?) play on the eBay site. Even more surprising: I forwarded the email along with a message to 'webmaster@ebay.com' and got a 'recipient not recognized' bounce. Ouch.
