24th May 2005

Classic case of eBay “phishing” shows need for digital literacy

posted in edtech, literacy |
What is digital literacy? One definition could be, the ability to effectively avoid being “phished.” WikiPedia defines “phishing” as “the act of attempting to fraudulently acquire through deception sensitive personal information such as passwords and credit card details by masquerading in an official-looking email, IM, etc. as someone trustworthy with a real need for such information. It is a form of social engineering attack.” 

I have received multiple emails of late (after being away from Internet access for awhile I am digging out of many) with the subject line: “eBay Fraud Mediation Request.”

The text link in the HTML formatted email message looks like it is legitimately from eBay, but in fact it is NOT, here is the complete message presented as an image:

When I click on this link, however, my web browser is redirected to the following address:

http://61.235.97.3:81/aw-cgi/SignIn.php?mail=myuserid@myemail.domain

Anytime you are directed to an IP address (numbers) instead of a domain name (words like ebay.com) that is a big warning of something “phishy.”

A simple procedure for seeing “behind the curtain” of a website is to cut off the last part of the address: the directory names and the page address names, and go to the root domain address. In this case, that is http://61.235.97.3. After going to this page, the following is displayed:

The fact that this is NOT eBay (www.ebay.com) and there is an option to login in Chinese is a big hint this email is illegitimate. In fact, it is proof of phishing.

Further confirmation can be obtained with a simple Google search for the subject line text, “eBay Fraud Mediation Request.” The second Google search hit result (of about 11,000) is to FraudWatchInternational, confirming this email is a spoof and not correct.

Other hints this is a phishing attack are the fact that the email was sent to several people, not just to me, who have my same first name. The authors are doing some “phishing” for suckers, but not sucker fish– they are looking for human suckers!

Another technique to “look behind the curtain” of the website address and domain is to perform a “whois lookup.” By doing a simple keyword search for “whois lookup” in Google, I saw the first hit was from NetworkSolutions (a well established and well-known Internet website domain registration company) and was their free WhoIs Records search. By selecting “search by IP address” on this reputable and free search tool, I was able to learn that the owner of the actual server to whom the website in question is registered is the “Asia Pacific Network Information Center,” based out of Australia:

This Australian company is not necessarily the entity responsible for the phishing scam, but someone who is using a computer on their network with that IP address is. That is something law enforcement folks could (and hopefully will) track down eventually.

The bottom line is, don’t give out personal information using links you receive from unsolicited emails. eBay has a good page in their actual security center (http://pages.ebay.com/securitycenter/stop_spoof_websites.html) providing several good suggestions for avoiding “phishing” scams like these. They are:

- Learn the signs of a spoof email
- Get eBay Toolbar with Account Guard
- Do not click on email links that request personal information.

SO, what is the bottom line here as far as education and digital literacy? Everyone who uses the Internet and email needs to know how to do these basic things, to avoid “phishing” scams. This is part of digital literacy, and it is needed by many, not a few. 

On this day..

This entry was posted on Tuesday, May 24th, 2005 at 4:42 pm and is filed under edtech, literacy. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.