Gone Phishing

sorry!
The New York Times > Technology > On EBay, E-Mail Phishers Find a Well-Stocked Pond: "On EBay, E-Mail Phishers Find a Well-Stocked Pond
By IAN AUSTEN

onald Jay Alofs got a call last fall at home asking if he had recently bought several thousand dollars worth of electronics. Mr. Alofs had not, and he had a good reason for not being on a spending spree: he was in the hospital at the time.

Things got worse for Mr. Alofs, a coin collector and dealer who buys and sells on eBay. His inbox was soon filled with e-mail messages from irate buyers: someone had used his eBay account to sell about $780,000 worth of coins - about five times the online business Mr. Alofs had done over several years - and many of the coins offered for sale never existed.

Adding insult to injury, fees for hosting photos for the fraudulent auctions had been financed with $300 from Mr. Alofs's account with PayPal, eBay's online payment service.

The source of the trouble, he believes, was that his eBay and PayPal accounts were hijacked through what is known as phishing, a type of online fraud that collects victims' account passwords and other information, after he responded to an e-mail that appeared to come from a legitimate business.

'At first those e-mails were a joke with the misspellings and mistakes,' said Mr. Alofs about the phishes he received a couple of years ago, when the practice was relatively new. 'Now with the copyright statements and the logos, they look so real. I don't know how you'll ever tell them apart.'

For eBay, phishers are more than just an expensive irritation. EBay is among the five companies most frequently targeted by phishers, according to David Jevans, chairman of the Anti-Phishing Working Group, an industry association that includes ..."