
    High Tech Office columnist hooked by phishing line

    by Alan Zisman (c) 2006. First published in Business in Vancouver May 16-22, 2006; issue 864


    A few weeks ago, in BIV issue 860, this column was headlined: “Studies show Internet users are easily fooled by frauds.”

    A few moments ago, I fell for a phishing scam.

    I was checking my e-mail early in the morning. (Am I trying to make excuses?)

    There was a new message in my inbox claiming to be from “Customer Support” entitled “Message from an eBay Member.”

    From time to time, I auction things on eBay, and sometimes potential bidders e-mail me questions.

    But I don’t have anything up for auction right now and I’m not bidding on anything either. Curious.

    So I opened it up; it looked like the standard form letter used when bidders or sellers use eBay to forward messages and read “Hi, i have sent your item today, please let me know when you will get it … and please don’t forgot to leave my feedback Thanks.” (All errors included as written).

    Links to view the item were apparently to eBay-UK.

    Rather than clicking on the “Respond Now” button, I clicked on the “View Item” link to see what item we’re talking about.

    That ought to take me to the page with the description of the item, with a note that this item is now sold. Instead, the browser page asked me to log into my eBay account.

    I should have paused at this point.

    Instead, I entered my eBay login name and password. Nothing happened.

    That was when I woke up. Glancing at the address field in my browser, I saw not a www.ebay.co.uk (for eBay-UK) address but a long one that started: http://www.ukrembrk.com/.signin.ebay.com. Not eBay at all. In fact, ukrembrk.com is the website of the Ukrainian Embassy to the Republic of Korea.

    In fact, all of the links in the e-mail message went to this same bogus login page.

    OK.

    I seem to have given my eBay user name and password to a website with no connection to eBay (and probably no connection to the Ukrainian Embassy to Korea except that somebody has slipped the page onto their Web server).

    With no time to waste, I went right to eBay.com.

    Having typed www.ebay.com into my browser, I’m pretty sure it’s the real eBay. Clicking on the My eBay tab, I signed in and changed my password; eBay has connections to PayPal, but I use a different password there. Otherwise, I would have changed that one too. (And if I used the same password on other websites where money changes hands – a bad idea – I should change those as well.)

    Then I forwarded a copy of the fake message to support@ebay.com and e-mailed the contact address at the bottom of the Ukrainian Embassy Web page. They should know if someone is using their Web server without their knowledge. (The .signin.ebay.com folder name starts with a period, which makes it hidden from normal directory listings on Unix systems.) I think I caught this before it was able to take advantage of my identity.

    But I’ll have to keep an eye on things for a while to make sure that nothing unusual happens.

    I’m not alone in getting fooled.

    The study I referred to in issue 860 noted that well-designed fraudulent websites fooled 90 per cent of the test subjects. In 2003, some two million users were tricked into giving out financial information online. The website that sucked me in had all the telltale signs of a fake: it asked for login information when that shouldn’t have been needed, and the address at the top showed it clearly wasn’t a real eBay page. But, like millions of others faced with a login prompt, I tried to log in first and thought about things later. It’s all too easy to get stung. Take care.
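The telltale sign described above, an address whose host is not eBay's while the eBay name sits in the path, can be checked mechanically before a password is typed. The following is an added example, not part of the original column. The trusted-domain list, the function names and every sample URL other than the ukrembrk.com prefix quoted in the column are assumptions. It also covers the related case where the brand name appears as a label of someone else's host.

```python
from urllib.parse import urlsplit

# Assumption for this example: the sites the user really logs in to.
TRUSTED_DOMAINS = {"ebay.com", "ebay.co.uk"}
# Brand words that should only ever appear on a trusted host.
BRAND_TOKENS = {"ebay"}


def host_is_trusted(host):
    """True if host is a trusted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    # Require an exact match or a dot boundary, so "notebay.com" does not pass.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_login_url(url):
    """Classify a URL that is asking for credentials.

    Returns (verdict, reasons); verdict is one of
    "trusted-host", "untrusted-host" or "impersonation".
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host_is_trusted(host):
        return "trusted-host", []

    reasons = [f"host {host!r} is not a trusted domain"]
    path = parts.path.lower()
    # The brand name outside a trusted host is the lure: it makes the
    # address look right to someone who only glances at it.
    in_path = sorted(t for t in BRAND_TOKENS if t in path)
    in_host = sorted(t for t in BRAND_TOKENS if t in host)
    if in_path:
        reasons.append(f"brand name {in_path} appears in the path {parts.path!r}")
    if in_host:
        reasons.append(f"brand name {in_host} appears inside an unrelated host")
    verdict = "impersonation" if (in_path or in_host) else "untrusted-host"
    return verdict, reasons


if __name__ == "__main__":
    samples = [
        "http://www.ukrembrk.com/.signin.ebay.com",  # prefix quoted in the column
        "https://www.ebay.co.uk/itm/123",            # constructed
        "http://signin.ebay.com.example.net/login",  # constructed
    ]
    for url in samples:
        print(url, "->", check_login_url(url))
```
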







Alan Zisman is a Vancouver educator, writer, and computer specialist. He can be reached at E-mail Alan