Phishing is not a new phenomenon. Just like anyone else I've been getting them for years now. They are so obvious that I just report them as spam without opening them and move on. I wonder when these guys will get tired of the usual impersonations and get on with more exciting trickeries. At least that'll keep the cat and mouse game more interesting. I'm tired of the garden variety names consisting of WaMu, Citibank, Chase, Amazon, and eBay.
So today, just for fun, I decided to open up a couple of these emails and check them out. Both were purportedly from eBay bidders sending me messages about some product I hadn't listed on eBay; the last time I listed an item on eBay was some 4 years ago. Both were obviously sent from the same source.
Inspecting the message sources I noticed that the links were actually crafted using the redirection facilities of a couple of big online names. One was via an AOL page, and the other via a Froogle page. Clicking on either whisked my browser to a page that looked uncannily like an eBay login page.
I must admit that I was impressed. The login page was absolutely identical to eBay's. The dead giveaway was the URL line displayed in the browser, but I could see how someone would just overlook that oddity. The host portion was actually an IP address (instead of signin.ebay.com), and even a non-standard port number was specified: 82 instead of the missing port, which would default to 80. The rest of the URL, however, bore a total resemblance to what you would normally see for the eBay login page.
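The URL giveaways described above (a link that bounces through a third-party redirector, an IP address in place of a host name, and a non-default port) can be checked mechanically. The following Python sketch is an added example, not code from the original post; the function names, the flag strings and the sample links are constructed for illustration, and it assumes the redirector carries its destination as a full URL in a query parameter.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qsl

DEFAULT_PORTS = {"http": 80, "https": 443}

def is_ip_literal(host):
    """True when the host part is an IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def nested_targets(url):
    """Absolute URLs carried in query parameters (how a redirector link names its destination)."""
    return [v for _, v in parse_qsl(urlsplit(url).query)
            if v.lower().startswith(("http://", "https://"))]

def inspect_link(url, max_hops=3):
    """Unwrap embedded redirect targets offline; return (final_url, sorted flags)."""
    flags = set()
    for _ in range(max_hops):
        targets = nested_targets(url)
        if not targets:
            break
        if urlsplit(targets[0]).hostname != urlsplit(url).hostname:
            flags.add("redirects-off-site")
        url = targets[0]
    parts = urlsplit(url)
    if is_ip_literal(parts.hostname or ""):
        flags.add("ip-literal-host")
    try:
        port = parts.port
    except ValueError:  # out-of-range or non-numeric port
        port = None
        flags.add("malformed-port")
    if port is not None and port != DEFAULT_PORTS.get(parts.scheme):
        flags.add("non-default-port")
    return url, sorted(flags)

# Constructed samples: 192.0.2.10 is a documentation address and
# redirect.example is a placeholder for the redirecting site.
PHISH = "http://redirect.example/click?url=http%3A%2F%2F192.0.2.10%3A82%2Fsignin"
LEGIT = "https://signin.ebay.com/"

if __name__ == "__main__":
    for link in (PHISH, LEGIT):
        print(inspect_link(link))
```

No network request is made: the link is only parsed, so the check can run on a mail gateway or in a triage script without touching the suspect host.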
Switching from my IE 6 to Firefox 2, I was happy to see that the site had already been reported as a phishing site and Firefox immediately popped up a forgery warning, alerting me to the site's dubious status. Then I tried IE 7 and I was happy again to see that the site raised a red flag with that browser as well. Obviously the anti-phishing measures in those browsers were working, at least in this case.
I then proceeded to enter some bogus login credentials and I got what I expected. Upon submitting the information, the page displayed a pathetic apology message about being sorry for the inconvenience and even tried to relieve any possible alarm by exclaiming: "Rest assured that your private data is in a safe place."
No doubt my fake data was safely and warmly embraced by the phisher and no sooner had I submitted the page than it was being tested on the real eBay login screen by the miscreant. Of course the average absent-minded user would just grunt at the error message and then click on a now-legit link to go to the real eBay login page, mindless of the fact that his credentials had just "safely" fallen into the wrong hands.
That user wouldn't even notice the suspicious signs in the error message itself, like "apparently" spelled with one "p" or the misuse of the word "costumers" instead of "customers". With all their technological prowess and creativity, don't these guys have a basic spellchecker to at least feign a professional apearance, er, appearance?