Do You Know What "Phishing" Is? ©

by Cheryl L Coccaro - 2005

No, it doesn't mean you grab a "fishing"pole and head to the nearest phishin’
hole to catch some phish.

Phishing has a much more sinister meaning. The official definition of "phishing" is as follows: The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be
used for identity theft.

The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has.

The Web site that you are directed to is bogus. Set up only to steal the user’s
information.

Phishers are also on the prowl for any business information. Your business credit card number, for instance, is like gold to a phisher. Same for your bank account number, lines of credit information and financial data.

Phishers prey on ignorance, fear, and emotion.

They also play the numbers game. The more bait they email out, the more phish they'll catch. By spamming large numbers of people, the "phisher" counts on his email being read and believed. Those people who will volunteer their personal and credit card information are scammed.

One group that is constantly baited by phishers is the eBay community.

There’s not one day that goes by that I don’t receive an email supposedly from
eBay asking me to update my account information. I know better than to fall for this scam, but I have to admit, the latest scam email is pretty convincing. Even I gave this one a second look before I realized that the phishers were at it again.

The sender of this email is listed as:
eBay Member and the email subject line reads:
Question from eBay Member.

The email begins: "Question from eBay Member -- Respond Now.

eBay sent this message on behalf of an eBay member via My Messages.
Responses sent using email will not reach the eBay member. Use the Respond Now button below to respond to this message." The email then takes on a threatening tone.

It reads: "Question from iboughtfromyou: I'm still waiting payment for my item for about 7 days. What happened? Please mail me ASAP or I will report you to eBay."

I was then prompted to respond to this rather disturbing email by clicking a "Respond Now." button.

Listen to me: DON'T TOUCH THAT BUTTON!     NEVER!

Of course the email was NOT sent by an eBay member or sent via eBay's messaging system, as it appears. Doing so will take you to a website designed to look like eBay where you will be prompted to login using your eBay user name and password.

Once you pass this point you will be asked to update your account information before proceeding. Unknowing you will offer not only their eBay password, but personal and credit card information, as well, without even knowing that they are about to have their identity stolen. The one thing that makes this scam so effective is the threat by the supposed eBay member to "report you to eBay."

The email preys on the fear of most eBay members that they are in danger of receiving negative feedback. Many eBayers would rather have you cut off a thumb than leave them negative feedback. It is this emotion that the new phishers are hoping to hook and I expect it is working well.

The phisher is betting that most people will either be horrified by the threat of being wrongly reported to eBay or they will be ticked off that some bad ebayer is threatening them by mistake. Either way the phisher is counting on a percentage of people to have a freak out reaction and login to the phisher’s fake eBay website to clear matters up quickly. Be warned and don't fall for this scam.

NEVER reply directly to an email that appears to have come from eBay, Paypal,
or anyone else asking you to click a link in the email to update your account information. If there is any doubt in your mind whether or not the email is really from eBay, for example, open your browser to a new window and type in the URL http://www.ebay.com.

NEVER click a link within the email to respond.

NEVER believe that an email supposedly from another eBay member is for real.
Again, do not click an email link to reply. Open a new browser window and go to eBay directly and log in. If the email was from a real member, there will be a record of the inquiry in your My eBay account under MESSAGES.

You must be made aware that there are bad PEOPLE out there who have nothing else to do but spend time trying to come up with new ways to steal your personal and business information.

Be aware.

But don't be fooled.

Don't bite the worm on the end of this "fishing" line! Remember, I told you NEVER.