Give a man a phish

Well, my sense of invulnerability to the constant email barrage of ebay and online banking phishing scams has eroded tonight. I’ve won the humiliating scarlet “I” (for Idiot) for being suckered by a (seemingly) new scam that forced me to change my eBay password after realizing I was so easily duped.

Here’s the email I got:

My first thought was “hmm, I never asked anything about any sports memorabilia”. So instinctively I want to know what the hell is going on with my ebay account – did someone ask a question via my account without me knowing? Is someone going to bid on a thousand dollar baseball jersey with my PayPal account? Like a lemming, I click on the item number link, and I get the “ebay” login screen. At this point I’m still thinking “I better log in and try to find out if someone’s hacked my account.” It fails my login a few times, but then succeeds, because I think the third attempt is the REAL eBay login page – the other login screens were part of the scammer’s site recording my username and password (the link was http://signin.ebay.com-ws.org/signin.html — as soon as I saw that com-ws.org domain, the jig was up.)

*Sigh*. So stupid. Ah well, I changed my password before anyone could do anything with my account. And I’ll know better for next time. Meanwhile, there’s an online bank that really needs me to “update my security info.” They are really interested in all my credit card numbers, too. I better go log in and give them the updated info!

UPDATE:

A related quote:

“If you give a man a phish, he has a stolen credit card for a day. If
you teach a man to phish, he will eat three square meals daily for a
lifetime; perhaps served from behind bars, but he will not go hungry.”

Leave a Reply