IDG News Service - A sophisticated phishing attack has proved to be so successful, it has tricked eBay Inc.'s own fraud investigations team into endorsing it as legitimate, according to an independent security consultant who reported the attack to eBay.
In late November, Richi Jennings received a fraudulent e-mail message containing the subject line "Christmas is Coming on ebay.co.uk." Offering him "great tips for successful Christmas selling," the message directed him to the Web site Ebaychristmas.net, which then asked Jennings to enter his eBay username and password, as well as the name and password for his e-mail account.
Jennings, who writes the IT BlogWatch column for Computerworld, reported the site to eBay on Nov. 25, and four days later he got a note back from the company's investigations team claiming that the e-mail message was, in fact, "an official e-mail message sent to you on behalf of eBay."
Jennings was dumbfounded. He immediately wrote back to eBay pointing out that the Web site being used was clearly fraudulent, but his e-mail went unanswered.
On Monday, an eBay spokeswoman confirmed that the e-mail message was indeed part of a fraud, but she could not explain why it had initially been identified as legitimate. "I don't know the answer to that," said spokeswoman Amanda Pires. "I'm assuming right now it was just an error."
From their initial response, it appeared that eBay's investigators did not take his concerns seriously, Jennings said. "They never actually used the word idiot, but I felt like they were calling me an idiot," he said. He believes that the e-mail message in question bore such a close resemblance to a legitimate eBay message that the company's investigators were simply tricked by the scam.
Pires said that eBay had, in fact, been working to take down the phishing site since Nov. 8, weeks before Jennings even contacted the company.
Both Jennings and eBay agreed that the phony Web site has been set up in such a way that it is extremely difficult to shut it down. The Web site's server software is being hosted on a variety of different PCs that appear to have been taken over by malicious "bot" software. Whenever eBay succeeds in getting one of these servers shut down, a new one pops up to take its place, Pires said.
"This is one of the cleverest [phishing attacks] I've seen in a while," Jennings said.
EBay has also been trying to shut down the Web site by working with the Internet registrar that was used to acquire the Ebaychristmas.net
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
