Security Information

The Bad Guys Are Phishing For Your Personal Information

Do you know what "phishing" is?

No, it doesn't mean you grab a pole and head to the late to catchsome phish.

The official Webopedia definition of "phishing" is as follows:

The act of sending an e-mail to a user falsely claiming to be anestablished legitimate enterprise in an attempt to scam the userinto surrendering private information that will be used foridentity theft. The e-mail directs the user to visit a Web sitewhere they are asked to update personal information, such aspasswords and credit card, social security, and bank accountnumbers, that the legitimate organization already has. The Website, however, is bogus and set up only to steal the user'sinformation.

Phishers prey on ignorance, fear, and emotion. They also play thenumbers game. The more bait they email out, the more phishthey'll catch.. By spamming large groups of people, the "phisher"counts on his email being read and believed by a percentage ofpeople who will volunteer their personal and credit cardinformation.

The latest attempt by identity theives to steal the personalinformation of eBay members hit my inbox earlier this week and Ihave to say, this one is pretty convincing. Even this old dog dida double-take before realizing that the identity thieves werephishing for my personal information again.

The sender of this email is listed as: eBay Member - rivernickand the email subject line reads: Question from eBay Member.

The email begins: "Question from eBay Member -- Respond Now. eBaysent this message on behalf of an eBay member via My Messages.Responses sent using email will not reach the eBay member. Usethe Respond Now button below to respond to this message."


Of course the email was NOT sent by an eBay member or sent viaeBay's messaging system, as it appears.

The email then takes on a threatening tone.

It reads: "Question from rivernick: I'm still waiting payment formy item for about 7 days. What happened? Please mail me ASAP or Iwill report you to ebay."

The recipient is then prompted to respond to this ratherdisturbing email by clicking a "Respond Now." button.

Doing so will take you to a website designed to look like eBaywhere you will be prompted to login using your eBay user name andpassword.

Once you pass this point you will be asked to update your accountinformation before proceeding. Unknowing souls will offer notonly their eBay password, but personal and credit cardinformation, as well, without even knowing that they are about tohave their personal information stolen.

The one thing that makes this scam so effective is the threat bythe supposed eBay member to "report you to eBay."

The email preys on the fear of most eBay members that they are indanger of receiving negative feedback. Many eBayers would ratheryou cut off a pinky than leave them negative feedback. It is thisemotion that the new phishers are hoping to hook.

The phisher is betting that most people will either be horrifiedby the threat of being wrongly reported to eBay or they will beticked off that some jerk is threatening them by mistake.

Either way the phisher is counting on a percentage of people tohave a knee-jerk reaction and login to the fake eBay website hehas set up clear matters up.

I've yet to see what percentage of people who receive thesephishing emails fall for the scam, but if a phisher gets 1% ofrecipients to turn over their personal information, he willprobably consider his phishing expedition a success.

I've warned you about these phishing scams before, but let'sreview it one more time.

NEVER reply directly to an email that appears to have come fromeBay, Paypal, Amazon, or anyoen else asking you to click a linkin the email to update your account information. If there is anydoubt in your mind whether or not the email is really from eBay,for example, open a browser and type in the URL NEVER click a link within the email torespond.

NEVER believe that an email supposedly from another eBay memberis for real. Again, do not click an email link to reply. Open abrowser and go to eBay directly and log in. If the email was froma real member, there will be a record of the inquiry in your MyeBay account.

You must be aware that there are bad guys out there who donothing but spend time trying to come up with new and innovativeways to steal your information.

Be paranoid. Be aware. But don't be fooled.

The phishers will cast their line, but you do not have to takethe bait.

Here's to your success,

Tim Knox

Tim serves as the president and CEO of three successful technology companies and is the founder of, an online organization dedicated to the success of online and eBay entrepreneurs.

could not open XML input