More fun with form letters

I just got a phishing e-mail that came from a (forged) eBay address and asked me to verify my eBay password and credit card info. It actually was a pretty good attempt at phishing; the e-mail looked just like an eBay e-mail and it stated that my account had been logged into from various IPs all over the world, which it listed, and that they'd cancelled it due to this suspicious activity. Of course, the address at which I was supposed to enter my information wasn't on the eBay domain and wasn't secure. So, I did what any good internetter would do, and I forwarded it to spoof@ebay.com.

After forwarding it to spoof@ebay.com, which I did given that I recognized it as phishing, I received a form letter explaining to me that the e-mail was a phishing attempt and was not sent by eBay. No, really?

Thank you for writing to eBay regarding the email you received.

Emails such as this, commonly referred to as "spoof" or "phished" messages, are sent in an attempt to collect sensitive personal or financial information from the recipients.

The email you reported was not sent by eBay. We have reported this email to the appropriate authorities.

In the future, be very cautious of any email that asks you to submit information such as your credit card numbers or passwords
.

Thank you, Captain Obvious


6 comments:

Jodie said...

Remember, most of the world is dumb. ;-)

eeka said...

Well, yeah, which is why a lot of people fall for phishing.

But dude, it's like if I go to the police station and tell them my car got stolen, and they give me a piece of paper saying, "Your car has been stolen; it is no longer where you left it. This was done by an unauthorized person and is known as theft. Stealing cars is illegal. Should your car be stolen, please report this to the police." :o)

EEK said...

That's probably more than the police would actually do if your car got stolen.

LaDivina said...

I got one of those the other day, except it was from amazon. Except that when I viewed the message header, the address was ebay.com.

Duh.

eeka said...

> the address was ebay.com

In other words, some fartknocker learned how to forge an eBay address, then got bored sending out eBay phishing and decided to expand a little, only they didn't even know how to change where the forged address came from.

ladivina said...

uh huh.