quote:
Originally posted by kcvet67
The frequency of these phishing expeditions seems to be tied to ebay activity, which makes sense. Weeks when I buy a lot I can count on more of them. I guess what I'm trying to say is that it's not a random thing just pulled from a member list. The odd thing is that they're invariably for items that I don't normally buy, so whoever is doing it hasn't thought it out too well.
Actually, it's more of a function of the number of times your email address has been harvested by spambots, crawlers, or other electronic spiders crawling the web. One's address is most vulnerable if it has been directly referenced on an online forum, chat room, or website. With regard to ebay, if an auction description has included an address in the text in standard email format (e.g., "alibaba@babble.com") instead of a camouflaged address without the "@" symbol (e.g., "alibaba AT babble.com"), it is far less likely to be picked up by the crawlers. While it can also be retrieved from a hypertexted reference, it is far less likely that a crawler has retrieved it. Both ebay and PayPal have a pretty good record of keeping their members' addresses hidden from crawlers (unless a member has shot himself in the foot by putting his address on public display in an auction).
There is also another source for phishers to obtain addresses: persons who use a relatively common domain name, e.g., yahoo.com, hotmail.com, comcast, att, msn, and ten thousand others are potential victims when spammers, phishers, or whoever send out millions of emails using random name and/or number combinations. For example, someone with a self-designated username at a larger (say, 10K) domain is eventually going to become a target. A username such as "John62368@comcast.com" is a fugitive from the law of averages if he hasn't already become a spam/phishing/Nigeria-scam target. While an address-generator might send out 75 million fake messages and have 70 million bounce back, he now has 5 million good addresses to use himself or sell to other phishing expeditions.
A number of us use an alias or forwarding address instead of our direct email addresses when doing anything online which might become public, managing our own websites, or otherwise keeping hidden our actual addresses except when dealing with trusted financial institutions. 95% of the junk including ALL spoofed ebay and PayPal I receive is to one specific alias address which is how I know the message is junk since I never use that address for financial transactions. Call it a decoy address.
There are plenty of techniques to protect oneself against the spoofers, but this response is already getting too long. One of the best ways is to secure an address with a tiny ISP which offers several addresses for each subscriber and use that only for personal financial matters, using another address for more public purposes. But, nobody's address is absolutely safe from being harvested although, as mentioned above, there are techniques for minimizing an address's vulnerability.
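
The decoy-address check described in the post above, sketched as an added example that is not part of the original post. The two alias addresses, the brand list and the sample messages are constructed assumptions; the idea is only that mail claiming to come from eBay or PayPal is junk unless it was delivered to the alias reserved for financial accounts.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed setup (hypothetical addresses): one alias given only to financial
# institutions, one decoy alias used for anything that might become public.
FINANCIAL_ALIAS = "bank-only@tiny-isp.example"
DECOY_ALIAS = "public@forwarder.example"
FINANCIAL_BRANDS = ("ebay", "paypal")

def recipients(msg):
    """Collect every address the message was addressed or delivered to."""
    headers = []
    for name in ("Delivered-To", "X-Original-To", "To", "Cc"):
        headers.extend(msg.get_all(name, []))
    return {addr.lower() for _, addr in getaddresses(headers) if addr}

def claims_financial_sender(msg):
    """True if the From display name, From address or Subject names a brand."""
    display, addr = parseaddr(msg.get("From", ""))
    text = " ".join((display, addr, msg.get("Subject", ""))).lower()
    return any(brand in text for brand in FINANCIAL_BRANDS)

def classify(raw):
    """Return 'other', 'junk' or 'review' for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    if not claims_financial_sender(msg):
        return "other"
    if FINANCIAL_ALIAS in recipients(msg):
        return "review"  # right alias, but that alone is not proof of legitimacy
    return "junk"        # brand mail sent to an address the brand was never given

# Constructed sample messages.
SAMPLE_PHISH = (
    'From: "PayPal Security" <service@paypa1-verify.example>\n'
    f"To: {DECOY_ALIAS}\n"
    "Subject: Your account has been limited\n\nClick here to verify.\n"
)
SAMPLE_FINANCIAL = (
    "From: eBay <ebay@ebay.example>\n"
    f"Delivered-To: {FINANCIAL_ALIAS}\n"
    "Subject: Your invoice\n\nInvoice attached.\n"
)
SAMPLE_PERSONAL = (
    "From: friend@example.org\n"
    f"To: {DECOY_ALIAS}\n"
    "Subject: lunch on Friday?\n\nSee you then.\n"
)

if __name__ == "__main__":
    for raw in (SAMPLE_PHISH, SAMPLE_FINANCIAL, SAMPLE_PERSONAL):
        print(classify(raw))
```
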