5/8/2007

Now This Is Inspired

Uncle Andrew
Filed under: @ 9:09 pm

Ebay Phish

I found this in my Inbox Monday morning. You can click on the image for a larger view, if you’re so inclined.

It’s a phishing scam, of course, but a really well-designed one. This is the first time I have seen a scam email that actually looked like it came from the organization it purports to represent. On top of that, the angle is—well, it’s quite effective. As an experiment in social engineering, it’s a compelling wrinkle. Lots and lots of people have eBay accounts, and while I don’t use mine very often, I think people are predisposed to treat it as the online community it pretty much is, even if this particular example is not. If I got a–legitimate–message from someone wanting to buy an item I was not in fact selling, I’d be tempted to sign on and let that person know that they were mistaken… or at least to check if someone else’s auction had somehow gotten added to my account.

As usual, the thing that most obviously twigged me to the spurious nature of the communique–beyond the blatantly un-Ebay-like URLs that populated it from stem to stern–was the horrible English. Why is a person who is skilled enough to fabricate such a truly convincing-looking official corporate communication not also savvy enough to find a fluent English speaker to write his email copy for him? I don’t think these people spend enough time dealing with this sort of thing themselves to realize just how dopey their efforts appear to the victim. How the perpetrators of these schemes continually manage to miss that crucial little detail is beyond me. On the other hand, the concept of blindly clicking on a hyperlink in an unsolicited email and doing whatever the little voices on the other side of the series of tubes tell me to do is also beyond me. Perhaps I am setting the bar too high. After all, it costs just about the same to send this sort of thing to a million potential victims as it does to send it to one; you don’t need a high rate of response to make your ROI.

Anyways, I thought this was a notably clever scam, so I figured I’d mention it here, both as a warning to the uninitiated and as a tip O’ the hat to inventive bottom-feeding pond-scum Information Superhighwaymen everywhere. Kudos, and get bent! The scammers, that is; not you. 😛


All portions of this site are © Andrew Lenzer, all rights reserved, unless otherwise noted.