E-Mail Phishing

The New York Times ran a story about E-Mail Phishing, which is a type of online fraud that collects victims' account passwords and other information, after they respond to an e-mail that appears to come from a legitimate business. I have provided a number of articles in the I/O Port, beginning in June, 2004, and continuing through July, August, December, and March, 2005.

Those articles showed how a person could identify Phising (Identity Theft) attempts; the NYT article, on the other hand, begins with a specific example where a coin collector and dealer who buys and sells on eBay had his identity stolen, and someone had used his eBay account to sell about $780,000 worth of coins - about five times the online business he had done over several years - and many of the coins offered for sale never existed. Adding insult to injury, fees for hosting photos for the fraudulent auctions had been financed with $300 from Mr. Alofs's account with PayPal, eBay's online payment service.

The article then describes how eBay has taken three steps recently to increase it's security:

1. offering users of Windows-based computers a free toolbar that flashes a warning when a browser is pointed toward what it believes to be a fraudulent Web site,
2. joining an effort organized by WholeSecurity to block fraudulent Web sites, and
3. introducing a Web mail service called My Messages to get around the problem of junk mail filters blocking legitimate messages from the company to its users (the feature may evolve into a communications tool for users). The article indicated the introduction of My Messages was relatively low-key. I must agree with that, since I searched for quite a while, and could not provide a link to it, but eBay does have this page related to Online Security and Protection.