InformationWeek > Parry Aftab > Phishing By Brand Name: Tips On How To Check For Fraud > January 26, 2004

InformationWeek > Parry Aftab > Phishing By Brand Name: Tips On How To Check For Fraud > January 26, 2004
The first reports of spoofed E-mail links and phishing using the eBay and PayPal brands arrived in the first quarter of 2003. Some of these reports were referred by the online safety and help group I run, WiredSafety.org, and its law-enforcement division, Cyberlawenforcement.org. EBay quickly responded to this threat by providing consumer alerts to the members of its community of 86 million registered users. The alerts were distributed via administrative E-mails and top-level postings on the community boards.

By mid-2003 eBay's Dave Steer (formerly from Trust-e, a nonprofit global privacy certification and seal program) had constructed an extensive tutorial for eBay users. The tutorial advised its members to check the headers on E-mails, the browser window displaying the URL of the site, and the URL itself. (It also explained that all can be spoofed.)

Using the consumer-responsibility model, eBay warns that all spoofing fraud is avoidable by being careful. It advises that the member should access the eBay site directly by typing it into their browser, or using the "my eBay" browser bar if they have any doubts about an E-mail's authenticity.

The tutorial can be found at: http://pages.ebay.com/education/spooftutorial/