You've no doubt heard about the phenomenon phishing, whereby scammers e-mail you pretending they're from legitimate companies (banks, credit card companies and online retailers) with whom you do business and threaten the status of your account, claiming they'll shut you down unless you click on the embedded hyperlink and "verify" certain information. These criminals are hoping you'll be so swayed by the official-looking graphics and stern tone ("...access to your account will be limited. This is a fraud prevention measure meant to ensure that your account is not compromised.") that you'll gladly give up personal info (passwords, account numbers, etc.) which will allow them to steal your identity and rob you blind.
When I first started getting phishing e-mails (or "spoofs" as they're called) they were well-written and reasonable, almost genteel: We regret to inform you that your eBay account has been suspended due to concerns we have for the safety and integrity of the eBay community. Convincing. Luckily, I'd heard of phishing and knew not to be deceived. You'd think the phishers would become more sophisticated with time - but the quality has fallen off sharply as more dilettantes jump into the fray. The formerly pleading tone is now accusatory, threatening:
Ignoring our request, for an extended period of time, may result in account limitations or may result in eventual account closure.
We regret to inform you that your eBay account has been suspended due to the violation of our site policy below: False or missing contact information - Falsifying or omitting your name, address, and/or telephone number (including use of fax machines pager numbers, modems or disconnected numbers).
Misspelling, incorrect punctuation and mangled syntax have become common and are more obvious tip-offs:
If you choose to ignore our request, you leave us no choise but to temporaly suspend your account.
We need to inform you that during our security reform we are asking every user to become ID Verified, this security measure will protect our customers from account thefts and any other fraudulent activities.
Note: Requests for information will be initiated by PayPal Business Development; this process cannot be externally requested through Customer Support. Sincerely
Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance,secure your account log in to your PayPal account and choose the "Help" link in the footer of any page.
You have received this email because we have strong reason to believe that your eBay account had been recently compromised.
For both, our and your security, we are asking you to activate an online account on our database.
It often seems as if English is the sender's second language:
Due to our new services you have to pay for your eBay fees. You can pay with your credit/debit card. We will ask for your credit/debit card only once. We will charge your account once per month. However you will receive a confirmation request in about 24 hours after the credit/debit card is authorized. You have 24 hours from the time you'll receive this e-mail to complete this eBay Request.
If you think you've been phished, forward the spoof e-mail to the legitimate company being impersonated or send it to [email protected] (follow the instructions found here). Forward the more entertaining ones to me: [email protected]
I love getting those emails from banks I hav never heard of. Especially since I've been going to the same bank since 1995 and have had the same accounts there all this time. But somewhere there isa bank out in South Africa thats going to shut down my account if I dont give them the info they need.
Posted by: Bruce | August 11, 2005 at 06:41 AM
PayPal and eBay official correspondence addresses the users by name not "dear member" or "dear [email protected]".
I recently read that the Nigerian email scams are being perpetrated by unemployed college-educated young people in internet cafes.
http://news.cincypost.com/apps/pbcs.dll/article?AID=/20050804/BIZ/508040328/1001
Posted by: Krys O. | August 11, 2005 at 08:14 AM
I got one today that could have fooled me. It was from an "Ebay member" asking for the payment for some unnamed thing I ordered:
"I'm still waiting payment for my item for about 1 week. What happened? Please mail me ASAP or I will report you to ebay."
Actually I was monitoring the e-mail account for someone else who doesn't use Ebay. If it had come to my home account, it might have had more of impact, since I occasionally make purchases and want to keep my account free of negative feedback.
The response link went to some IP address, usually a dead giveaway to a spoof.
Posted by: Guest | August 12, 2005 at 11:27 AM
There is a good overview of phishing at:
http://www.greenarmor.com/phishing.shtml
Posted by: Guest | August 29, 2005 at 12:33 PM
Now you can fight back against these Phishers. Just enter the Phishers URL in http://www.PhishFighting.com and watch as 100's or 1000's of fake entries are continuously sent to the Phishers website. They won't be able to distinguash between real entries and the fake ones. Join the fight against Phishers.
Posted by: Robin | September 01, 2005 at 02:53 PM
Gosh, dude, that's terrible
Posted by: Nicole | December 02, 2005 at 08:26 PM