A lot of eBay phishing scams take you to websites that not only mimic the look of the site they’re impersonating, but actually contain live links to that site and even use images hosted there.
I just got one today: an email with the ironic subject line of “eBay Fraud Mediation Request.” I always take a look at these to see if the scammers have any new tricks. I even click on the links (being a Mac user emboldens me there). This one took me to a site called www.signin-e-bay.com (I’m omitting the full link that takes you to the scam pages). The page was full of links to real eBay pages and used images hosted on eBay servers.
(Sub-rant: why does a company like eBay use a domain like ebaystatic.com? That’s an actual eBay domain used for image hosting. This scam page included images hosted there. You’ve got to imagine that this makes eBay’s anti-fraud education efforts harder. Does signin-e-bay.com look more suspicious than ebaystatic.com? Not to me. Why not static.ebay.com? When I see this kind of thing all I can think is that a company has grown so large and balkanized that it’s easier for departments to register entirely new domain names than it is for them to get authorization from above to add a third-level name to the main domain. End sub-rant.)
Here are two things that eBay could be doing right now to foil this scam operation (I’m assuming they know about it; I reported it and I assume many other people have as well). They are not rocket science. I’m not pretending to have invented anything here – this is web servers 101. I might be missing some reason why they can’t do this, but it’s certainly stuff that I would do if my server were being impersonated like this. But eBay gets a little more traffic than I do.
Why not check referrers on all incoming page requests and redirect people who are coming from signin-e-bay.com to a page with a giant notice saying WELCOME TO EBAY! YOU HAVE ARRIVED FROM A KNOWN SCAM SITE. Admittedly the next step is more difficult, since at this point the visitor will probably be pretty suspicious of everybody and might just quit their browser and go have a beer. At least they’ll be keeping out of trouble.
Why not check referrers on all image requests and return giant red “SCAM” badges when the referrer is on the (ever-evolving) scam site list? People have been doing this successfully for a long time. Again, the user may just be confused and close their browser, but at least they haven’t given their login info to a malicious third party.
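The two measures above, as an added illustration that is not part of the original post: a request handler inspects the HTTP Referer header, and when the referring host is on the scam list it redirects page requests to a warning page and answers image requests with a "SCAM" badge. The scam list, paths and warning URL are constructed for the example.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed list; in practice this is fed from abuse reports and updated continuously.
SCAM_DOMAINS = {"signin-e-bay.com"}
WARNING_PAGE = "/security/known-scam-referrer"  # hypothetical warning page
SCAM_BADGE_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" width="120" height="40">'
                  '<rect width="120" height="40" fill="red"/>'
                  '<text x="10" y="28" fill="white" font-size="24">SCAM</text></svg>')
IMAGE_SUFFIXES = (".gif", ".png", ".jpg", ".jpeg")


def referrer_host(referer: Optional[str]) -> Optional[str]:
    """Lowercase host from a Referer header, or None if absent or unparseable."""
    if not referer:
        return None
    try:
        host = urlsplit(referer.strip()).hostname
    except ValueError:  # malformed URL (e.g. bad IPv6 literal)
        return None
    return host.lower() if host else None


def is_scam_referrer(referer: Optional[str], scam_domains=SCAM_DOMAINS) -> bool:
    """True when the referring host is a listed scam domain or a subdomain of one."""
    host = referrer_host(referer)
    if host is None:
        return False  # no/invalid Referer is common and must not be treated as a scam
    return any(host == d or host.endswith("." + d) for d in scam_domains)


def handle_request(path: str, headers: dict) -> tuple:
    """Return (status, content_type, body_or_location) for a request.

    Normal traffic is served as usual. From a listed scam referrer, image
    requests get the red badge and page requests are redirected to the warning page.
    """
    if not is_scam_referrer(headers.get("Referer")):
        return (200, "text/html", "<real page or image>")
    if path.lower().endswith(IMAGE_SUFFIXES):
        return (200, "image/svg+xml", SCAM_BADGE_SVG)
    return (302, "text/html", WARNING_PAGE)
```

A missing Referer is served normally because many browsers and proxies strip it, so this is a cheap tripwire for visitors of known scam pages, not a guarantee that every phished visitor is warned.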
Maybe this is all moot, and they actually do this stuff now, and I’m just not seeing it because the whole mailing is only thirty minutes old. I’d love to be wrong here. But somehow I doubt that I am. Can anybody enlighten me as to why eBay doesn’t use measures like these? What am I missing?
richard bushey commented on Wed Dec 7 13:46:24 2005:
I would like to complain about a phone call I received today from a caller who wanted my e-bay acct #. I have his phone # in my phone; he was very aggressive. But I need to know who to report this to. I don’t want it to happen again.
Paul commented on Wed Dec 7 13:56:00 2005:
Richard, I’d go to eBay’s Security Center to report your problem.
Nigel Turner commented on Fri Sep 22 07:27:59 2006:
Hi, I have recently had a lot of buying activity on a downloadable product that hasn’t really been selling. All of the buyers have an email address ending in 126.com and so far none of them have paid for the item. All of the items were sold within an hour of each other on the 21st of September. I’m not quite sure how this would be a scam but it certainly smacks of one. Has anybody come across this before, or do you know what they are trying to achieve?