E-Scribe : a programmer’s blog

About Me

PBX I'm Paul Bissex. I build web applications using open source software, especially Django. Started my career doing graphic design for newspapers and magazines in the '90s. Then wrote tech commentary and reviews for Wired, Salon, Chicago Tribune, and others you never heard of. Then I built operations software at a photography school. Then I helped big media serve 40 million pages a day. Then I worked on a translation services API doing millions of dollars of business. Now I'm building the core platform of a global startup accelerator. Feel free to email me.

Book

I co-wrote "Python Web Development with Django". It was the first book to cover the long-awaited Django 1.0. Published by Addison-Wesley and still in print!

Colophon

Built using Django, served with gunicorn and nginx. The database is SQLite. Hosted on a FreeBSD VPS at Johncompanies.com. Comment-spam protection by Akismet.


Is eBay doing all it can to fight phishing?

A lot of eBay phishing scams take you to websites that not only mimic the look of the site they're impersonating, but actually contain live links to that site and even use images hosted there.

I just got one today: an email with the ironic subject line of "eBay Fraud Mediation Request." I always take a look at these to see if the scammers have any new tricks. I even click on the links (being a Mac user emboldens me there). This one took me to a site called www.signin-e-bay.com (I'm omitting the full link that takes you to the scam pages). The page was full of links to real eBay pages and used images hosted on eBay servers.

(Sub-rant: why does a company like eBay use a domain like ebaystatic.com? That's an actual eBay domain used for image hosting. This scam page included images hosted there. You've got to imagine that this makes eBay's anti-fraud education efforts harder. Does signin-e-bay.com look more suspicious than ebaystatic.com? Not to me. Why not static.ebay.com? When I see this kind of thing all I can think is that a company has grown so large and balkanized that it's easier for departments to register entirely new domain names than it is for them to get authorization from above to add a third-level name to the main domain. End sub-rant.)

Here are two things that eBay could be doing right now to foil this scam operation (I'm assuming they know about it; I reported it and I assume many other people have as well). They are not rocket science. I'm not pretending to have invented anything here -- this is webservers 101. I might be missing some reason why they can't do this, but it's certainly stuff that I would do if my server were being impersonated like this. But eBay gets a little more traffic than I do.

Anyway:

  1. Why not check referrers on all incoming page requests and redirect people who are coming from signin-e-bay.com to a page with a giant notice saying WELCOME TO EBAY! YOU HAVE ARRIVED FROM A KNOWN SCAM SITE. Admittedly the next step is more difficult, since at this point the visitor will probably be pretty suspicious of everybody and might just quit their browser and go have a beer. At least they'll be keeping out of trouble.

  2. Why not check referrers on all image requests and return giant red "SCAM" badges when the referrer is on the (ever-evolving) scam site list? People have been doing this successfully for a long time. Again, the user may just be confused and close their browser, but at least they haven't given their login info to a malicious third party.
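Both measures boil down to one thing: look at the Referer header, match its host against a list of known scam domains, and answer page requests with a redirect to a notice and image requests with a badge. The following is an added example, not code from this post or from eBay: a plain WSGI front door (no Django) that does exactly that. The domain list, the `/scam-warning` path, the badge bytes and the sample requests are constructed for illustration; signin-e-bay.com is the scam domain named above.

```python
"""Referrer checks against a list of known phishing domains.

Added example (not code from the post or from eBay): a plain WSGI
front door implementing the two measures the post proposes. The
domain list, paths and badge bytes are constructed for illustration;
signin-e-bay.com is the scam domain the post names.
"""
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Ever-evolving list of known scam domains (constructed; the second
# entry is a placeholder under the reserved .invalid TLD).
KNOWN_SCAM_DOMAINS = {"signin-e-bay.com", "phish-placeholder.invalid"}

IMAGE_EXTENSIONS = (".gif", ".jpg", ".jpeg", ".png")
WARNING_PATH = "/scam-warning"  # assumed path for the notice page
SCAM_BADGE = b"GIF89a-placeholder-red-SCAM-badge"  # constructed stand-in
WARNING_TEXT = b"WELCOME TO EBAY! YOU HAVE ARRIVED FROM A KNOWN SCAM SITE."


def referrer_host(referer: Optional[str]) -> Optional[str]:
    """Hostname from a Referer header, lowercased, or None.

    Missing, empty or malformed values give None. Browsers, proxies and
    privacy settings drop the header all the time, so "no referrer"
    must never be treated as evidence of a scam.
    """
    if not referer:
        return None
    try:
        host = urlsplit(referer).hostname
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None


def is_scam_referrer(host: Optional[str]) -> bool:
    """True if host is a listed domain or a subdomain of one.

    Match label-wise rather than by substring: www.signin-e-bay.com
    matches signin-e-bay.com, while ebay.com and
    signin-e-bay.com.evil.invalid do not.
    """
    if host is None:
        return False
    labels = host.split(".")
    return any(".".join(labels[i:]) in KNOWN_SCAM_DOMAINS
               for i in range(len(labels)))


def decide(path: str, referer: Optional[str]) -> Tuple[str, str]:
    """Map a request to ("serve" | "redirect" | "badge", target)."""
    if path == WARNING_PATH or not is_scam_referrer(referrer_host(referer)):
        return ("serve", path)  # normal traffic; also avoids a redirect loop
    if path.lower().endswith(IMAGE_EXTENSIONS):
        return ("badge", path)  # measure 2: swap the image for a badge
    return ("redirect", WARNING_PATH)  # measure 1: send to the notice


def app(environ, start_response):
    """Minimal WSGI application applying decide() to each request."""
    path = environ.get("PATH_INFO", "/")
    action, target = decide(path, environ.get("HTTP_REFERER"))
    if action == "redirect":
        start_response("302 Found", [("Location", target)])
        return [b""]
    if action == "badge":
        start_response("200 OK", [("Content-Type", "image/gif")])
        return [SCAM_BADGE]
    body = WARNING_TEXT if path == WARNING_PATH else b"page: " + path.encode()
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body]


def handle(path: str, referer: Optional[str] = None) -> Tuple[str, Dict[str, str], bytes]:
    """Drive app() with a fake environ; returns (status, headers, body)."""
    environ = {"PATH_INFO": path}
    if referer is not None:
        environ["HTTP_REFERER"] = referer
    captured: List[Tuple[str, Dict[str, str]]] = []

    def start_response(status, headers):
        captured.append((status, dict(headers)))

    body = b"".join(app(environ, start_response))
    status, headers = captured[0]
    return status, headers, body


if __name__ == "__main__":
    # Constructed sample requests: a page and an image from the scam
    # site, and an image with no referrer at all.
    for req in [("/signin", "http://www.signin-e-bay.com/login.php"),
                ("/pics/logo.gif", "http://signin-e-bay.com/"),
                ("/pics/logo.gif", None)]:
        print(req, "->", handle(*req)[:2])
```

Two design points matter here. First, matching is by domain label, not substring, so ebay.com can never be caught by an entry like signin-e-bay.com and an attacker cannot dodge the list by appending labels. Second, a missing or unparseable Referer is treated as ordinary traffic: the header is optional and routinely stripped, so its absence tells you nothing. That is also the limit of the technique: a scam site that copies the images to its own host, or fetches them server-side, sends no referrer at all, so these checks add friction for the lazy operation described in the post rather than ending phishing.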

Maybe this is all moot, and they actually do this stuff now, and I'm just not seeing it because the whole mailing is only thirty minutes old. I'd love to be wrong here. But somehow I doubt that I am. Can anybody enlighten me as to why eBay doesn't use measures like these? What am I missing?

Friday, September 23rd, 2005
3 comments

Comment from richard bushey , 10 weeks later

I would like to complain about a phone call I received today from a caller who wanted my e-bay acct #. I have his phone # in my phone; he was very aggressive. But I need to know who to report this to. I don't want it to happen again.

Comment from Paul , 10 weeks later

Richard, I'd go to eBay's Security Center to report your problem.

Comment from Nigel Turner , 11 months later

Hi, I have recently had a lot of buying activity on a downloadable product that hasn't really been selling. All of the buyers have an email address ending in 126.com and so far none of them have paid for the item. All of the items were sold within an hour of each other on the 21st of September. I'm not quite sure how this would be a scam but it certainly smacks of one. Has anybody come across this before or do you know what they are trying to achieve??

Comments are closed for this post. But I welcome questions/comments via email or Twitter.