Tuesday, April 05, 2005

Why is reporting phishing emails so difficult?

The other day, I received an email that claimed that my credit card on file with eBay had expired and I would need to re-enter my account details. One glance at it and I knew it was a phishing email.

I immediately went over to eBay's website, with the hope of letting them know about this incident. They have a "security center" link at the bottom of their home page. Once you click on the security center link, they ask you a bunch of questions:



Answer them and after some more clicks, they want you to sign in to report the issue.



Now, this begs the question: Why do they want me to sign in just to report a spoofed email? What if I don't have an eBay account? Why not make it simple enough for a user to report spoofed email? A friend of mine was telling me that Sprint PCS wanted him to write down everything on a piece of paper and mail it to them!

Just give me a simple box (textarea or something), wherein I can simply cut and paste the contents of the email and then you guys can figure out the rest. Maybe, for the advanced users, you could also give the option to paste in the email SMTP headers. Guys, just look at PayPal's report spoof page for inspiration.

Comments:
Very informative. Bhai told me about this! This is insane in the membrane
 

Copyright Anand Jain 2004, 2005. All rights reserved.