eBay fights back against phishers

eBay has moved to squelch spoofed e-mail bearing its name by introducing a private mail service.

In recent weeks, the online auctioneer introduced My Messages, a free, personalized in-box for eBay customers that contains communications only sent from eBay. That way, members can be sure to avoid spam in disguise or phishing scams designed to lure people to a fake eBay Web site in order to capture credit card numbers or other personal information.

"You'll know that the messages you get from eBay are truly from eBay," said Chris Donlay, a spokesman for the online auction company. "This is one way to fight spoof e-mail and phishing."

Phishing is one of the fastest-growing forms of personal fraud in the world. While consumers are the most obvious victims, the damage spreads far wider--hurting companies' finances and reputation and potentially undermining consumer confidence in the safety of e-commerce.

Related feature
Have you been phished?

Check here to see whether an e-mail that appears to be from your bank or an online merchant is actually an attempt to defraud you.

Such scams are a growing headache for companies online, but eBay and its financial payment service PayPal may be among the most targeted because of eBay's brand name and massive marketplace. Financial institutions and online retailers are also the targets of e-mail scammers, according to the Anti-Phishing Working Group.

According to a report from online privacy watchdog Truste, 7 out of 10 people who go online have received phishing e-mails, and 15 percent of those have been duped into providing personal information.

San Jose, Calif.-based eBay has been assertive in fighting scam artists. Last year, for example, the company introduced a security feature for its toolbar that can detect when users are visiting a fraudulent eBay Web site.

Its newest message center, which is the result of member suggestions, is only in the first phase of development and could eventually incorporate member-to-member communications, Donlay said. Future versions have yet to be decided, he said.

Peter Cassidy, secretary general for the Anti-Phishing Working Group, said eBay may lead a trend in the industry toward privatized e-mail services designed to circumvent fraudulent e-mail. For example, he said, the banking industry has already held talks about building a secure e-mail system for customers. But the financial threat of phishing scams has yet to prove large enough to force the industry's hand, he said.

"I'm not surprised that eBay's doing innovative things because they've been phished for nearly five years," Cassidy said.

eBay began notifying some members of the new message center over the weekend.

[raitchison]

I don't see how this could help

So there is a new, private messaging system that eBay will use. Anyone savvy enoungh to know about it is already more than smart enough to not be duped by a phishing E-Mail.

Really I'm not sure how anyone (even an AOLer) could be fooled by a phishing scam with all the attention this subject has gotten lately.

Mailchannels has a solution that seems to work.

It works against phishers. It's pretty cool. www.mailchannels.com

There's more info about them at http://www.ch4nce.com/story/2005/1/5/01536/17988 and http://www.ch4nce.com/story/2005/1/5/01324/70303

[hadaso]

Fragmenting communications: what a stupid idea!

What eBay does here is nothing new, and is not a replacement for email: every decent online forum/community software has facilities for private communications among members. It does not replaces email. Both banks I work with have a sort of private "email" service. I don't use them. What's the point in having a separate mailbox for each sender (having a different address pointed at the same mailbox is different. I use both sneakemail.com and spamgourmet.com for this).

Instead of what they are doing they should promote technologies on the line of VarA, that make phishing practically impossible (see http://wiki.outboundindex.net/VarA )