High Tech Office columnist hooked by phishing line
by Alan Zisman (c) 2006
First published in Business in Vancouver May 16-22, 2006; issue 864, High Tech Office column
A few weeks ago, in BIV issue 860, this column was headlined: “Studies
show Internet users are easily fooled by frauds.”
A few moments ago, I fell for a phishing scam.
I was checking my e-mail early in the morning. (Am I trying to make
excuses?)
There was a new message in my inbox claiming to be from “Customer
Support” entitled “Message from an eBay Member.”
From time to time, I auction things on eBay, and sometimes potential
bidders e-mail me questions.
But I don’t have anything up for auction right now and I’m not bidding
on anything either. Curious.
So I opened it up; it looked like the standard form letter used when
bidders or sellers use eBay to forward messages and read “Hi, i
have sent your item today, please let me know when you will get it
… and please don’t forgot to leave my feedback
Thanks.” (All errors included as written).
Links to view the item were apparently to eBay-UK.
Rather than clicking on the “Respond Now” button, I clicked
on the “View Item” link to see what item we’re
talking about.
That ought to take me to the page with the description of the item,
with a note that this item is now sold. Instead, the browser page asked
me to log into my eBay account.
I should have paused at this point.
Instead, I entered my eBay login name and password. Nothing happened.
That was when I woke up. Glancing at the address field in my browser,
rather than seeing a www.ebay.co.uk (for eBay-UK) address, the address
was a long one that started: http://www.ukrembrk.com/.signin.ebay.com.
Not eBay at all. In fact, the ukrembrk.com is the website of the
Ukrainian Embassy to the Republic of Korea.
In fact, all of the links in the e-mail message went to this same bogus
login page.
OK.
I seem to have given my eBay user name and password to a website with
no connection to eBay (and probably no connection to the Ukrainian
Embassy to Korea except that somebody has slipped the page onto their
Web server).
With no time to waste, I went right to eBay.com.
Having typed www.ebay.com into my browser, I’m pretty sure
it’s the real eBay. Clicking on the My eBay tab, I signed in and
changed my password; eBay has connections to PayPal, but I use a
different password there. Otherwise, I would have changed that one too.
(And if I used the same password on other websites where money changes
hands – a bad idea – I should change those as well.)
Then I forwarded a copy of the fake message to support@ebay.com and
e-mailed the contact address at the bottom of the Ukrainian Embassy Web
page. They should know if someone is using their Web server without
their knowledge. (The .signin.ebay.com folder name starts with a
period, which makes it hidden from normal directory listings on Unix
systems.) I think I caught this before it was able to take advantage of
my identity.
But I’ll have to keep an eye on things for a while to make sure that
nothing unusual happens.
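The two clues the column describes (the real host name sitting before the first slash, and a brand name tucked into a dot-prefixed folder) can be checked mechanically. The following is an added example, not code from the column or from eBay: it splits a link into its parts, reduces the host to the domain a user would recognise, and reports why the address quoted above fails the check. The public-suffix handling is a tiny hard-coded list standing in for a real Public Suffix List, and the "watched brands" list is an assumption for illustration.

```python
"""Check whether a link really points at the site its text seems to name.

Added example; the only real address used is the prefix quoted in the
column, http://www.ukrembrk.com/.signin.ebay.com (a trailing slash is added
to make it a complete URL). Everything else is constructed for illustration.
"""
from urllib.parse import urlsplit

# Minimal stand-in for the Public Suffix List (assumption: enough for this example).
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Brand names that should only ever appear in the registrable domain itself.
WATCHED_BRANDS = ("ebay", "paypal")


def registrable_domain(host: str) -> str:
    """Return the part of the host a user would recognise as 'the site'.

    www.ebay.co.uk -> ebay.co.uk ; www.ukrembrk.com -> ukrembrk.com
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def analyze_link(url: str, expected_domains=("ebay.com", "ebay.co.uk")) -> dict:
    """Break a URL down into the facts a defender wants to see at a glance."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    domain = registrable_domain(host) if host else ""
    segments = [s for s in parts.path.split("/") if s]
    first = segments[0] if segments else ""
    return {
        "host": host,
        "registrable_domain": domain,
        # Only the registrable domain decides who you are really talking to.
        "matches_expected": domain in expected_domains,
        "first_path_segment": first,
        # A leading dot hides the directory from a plain `ls` on Unix hosts.
        "hidden_directory": first.startswith("."),
        # A brand name in the path is decoration, not identity.
        "brand_name_in_path": any(b in parts.path.lower() for b in WATCHED_BRANDS),
    }


def verdict(url: str, expected_domains=("ebay.com", "ebay.co.uk")) -> list:
    """Return a list of human-readable reasons to distrust the link (empty = fine)."""
    r = analyze_link(url, expected_domains)
    reasons = []
    if not r["matches_expected"]:
        reasons.append(f"host {r['host']!r} belongs to {r['registrable_domain']!r}, "
                       f"not to {', '.join(expected_domains)}")
    if r["brand_name_in_path"]:
        reasons.append(f"brand name appears in the path {r['first_path_segment']!r}, not the host")
    if r["hidden_directory"]:
        reasons.append("first path segment starts with '.', a hidden directory on Unix hosts")
    return reasons


if __name__ == "__main__":
    for link in ("http://www.ukrembrk.com/.signin.ebay.com/", "http://www.ebay.co.uk/"):
        problems = verdict(link)
        print(link, "->", "looks genuine" if not problems else "; ".join(problems))
```

Run as a script it prints one line per link; the first shows all three reasons, the second none. The point of `registrable_domain` is that `www.ukrembrk.com/.signin.ebay.com` and `signin.ebay.co.uk` both contain the word "ebay", yet only the host label set before the first slash counts, which is exactly the glance at the address bar the column describes.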
I’m not alone in getting fooled.
The study I referred to in issue 860
noted that well-designed fraudulent websites fooled 90 per cent of the
test subjects. In 2003, some two million users were tricked into giving
out financial information online. The website that sucked me in had all
the telltale signs of a fake: it asked for login information when that
shouldn’t have been needed, and the address at the top showed it
clearly wasn’t a real eBay page. But, like millions of others
faced with a login prompt, I tried to log in first and thought about
things later. It’s all too easy to get stung. Take care.