« Board minutes from 19 April | Main | Classical ear-openers. »

How not to do fraud reporting: eBay.

Trying to be a good network citizen, I tend to make sure that I report ongoing fraud attempts and phishing expeditions that make it into my inbox. Today, two messages posing as eBay, and trying to get eBay login information and credit card information; the server used runs on a DSL line in Latin America. The fake was obvious since I'm a member of eBay Germany (and they talk German to me, not English) -- still, it's a bad thing, others may fall for it, and (unlike myself) eBay has the incentives, means, and resources to make sure the proper investigations are launched, and measures are taken to shut this down.

On to ebay.de we go. After about 5-10 pointless pages, a web form. The e-mail message and relevant log file entries are cut and pasted, the "submit" button is clicked -- and then I'm just told that my message can't be accepted.

The only other means of contact: A 0900-* phone number at 59 Euro Cents per minute -- and then, all you get is a pointer to <spoof (at) ebay.de>, by e-mail, after you have expensively spelt your e-mail address to the customer services representative.

Why isn't <spoof (at) ebay.de> featured prominently on their web site? Why are they bothering people with web forms when they have to forward the messages in question by e-mail anyway? Why do I have to spend several minutes on the phone before I get the necessary e-mail address? Why do I have to pay for that, at rates an order of magnitude more expensive than international calls?


TrackBack URL for this entry:

Comments (6)

spoof@ebay.com works: http://pages.ebay.com/help/confidence/isgw-account-theft-spoof.html ... "Report Suspicious Email to eBay "To report email requesting account information that you suspect was not sent by eBay send us the email with the complete message text and full header or forward the entire message to spoof@ebay.com using the forward function of your email program. When forwarding the message, do not change the subject line, send additional text, or forward the message as an attachment. Forwarding the message in this manner will allow us to review the message headers and any other information that may be attached to the email. "The spoof@ebay.com email address is reserved for handling reports of attempts to impersonate eBay. In order to investigate these reports in a timely manner, we can only accept forwarded messages at this address.
Mh. I guess I'm looking a little clueless right now. Let's have another look at ebay.de -- more precisely at <http://pages.ebay.de/sicherheitsportal/>. There are two click paths from there, translated: "Recognizing fraudulent e-mail" ("Spotting a Spoof (Fake) Email" on the US page), and "Report problems. Let us know when you have problems with fraudulent e-mail or with other members." I followed the latter link, and ended up with all the forms and the telephone contact information I was ranting about this morning. It's the same kind of usability hell you get to when you click the prominent "Report a Problem" button on the ebay.com Security Center page, by the way. "Recognizing fraudulent e-mails" directly leads to the German version of the page you were referring to, with pointers to spoof@ebay.com all over the place.
Of course, if ICANN approves the .Mail application, this is just the kind of email that it will help to prevent. Why not post a message of support to the public comment forum?
Chris: Because I'm not convinced that .Mail is indeed the right fix for the problem?
And it does get stranger still. PayPal Germany has a German language address called taeuschung@paypal.de (which is "spoof" translated). If you forward the spoof mail you received, you get a thankful note -- and you're told to forward it to spoof@paypal.de.
And even stranger than that. I forward the spoof to the requested address -- and got this: spoof@paypal.de SMTP error from remote mailer after RCPT TO:[spoof@paypal.de]: host data.ebay.com []: 550 5.1.1 [spoof@paypal.de]... User unknown


This page contains a single entry from the blog posted on April 22, 2004 8:37 AM.

The previous post in this blog was Board minutes from 19 April.

The next post in this blog is Classical ear-openers..

Many more can be found on the main index page or by looking through the archives.

Creative Commons License
This weblog is licensed under a Creative Commons License.
Powered by
Movable Type 3.35