Tuesday, April 05, 2005
Why is reporting phishing emails so difficult?
I immediately went over to eBay's website, with the hope of letting them know about this incident. They have a "security center" link at the bottom of their home page. Once you click on the security center link, they ask you a bunch of questions:
Answer them and after a some more clicks, they want you to sign-in to report the issue.
Now, this begs the question: Why do they want me to sign-in just to report a spoofed email? What if I dont have an eBay account? Why not make it simple enough for a user to report spoofed email? A friend of mine was telling me that Sprint PCS wanted him to write down everything on a piece of paper and mail it to them!
Just give me a simple box (textarea or something), wherein I can simply cut and paste the contents of the email and then you guys can figure out the rest. Maybe, for the advanced users, you could also give the option to paste in the email SMTP headers. Guys, just look at PayPal's report spoof page for inspiration.
Copyright Anand Jain 2004, 2005. All rights