March 24, 2005

Phishing at Regions Bank

Jake McKee at Community Guy has some comments about phishing/spoofing scams. He's been receiving eBay spoof attempts and dutifully forwarding them to the special eBay mail address set up for just this purpose. Here is the auto-response:

Hello,

Thank you for writing to eBay regarding the email you received.

Emails such as this, commonly referred to as "spoof" or "phished" messages, are sent in an attempt to collect sensitive personal or financial information from the recipients.

The email you reported was not sent by eBay. We have reported this email to the appropriate authorities.

In the future, be very cautious of any email that asks you to submit information such as your credit card number or your email password. If you are ever concerned about an email you receive from eBay, open a new Web browser, type www.ebay.com into your browser address field, and click on the "site map" link located at the top of the page to access the eBay page you need.

He was quite underwhelmed, as you can see from his subsequent comments:

Uh...

First, yes, I know what a spoofed email is, which is why I sent the mail in the first place... and to spoof@ebay.com for Christ's sake.

Secondly, thanks for the heads up that eBay didn't send this. The lawyers will be happy that you've covered that.

Third, thanks for the helpful hints. But where's my "Thank you for doing your part to keep the Web a bit safer"??

Today, I received a similar phishing attempt supposedly from Regions Bank and, like Jake, I reported it to them at phishing@regions.com. Unlike Jake, however, I got a much better auto-response:

Regions is in receipt of your correspondence regarding a potential fraudulent or “phishing” e-mail scam attempt. Unfortunately, these types of e-mails mean that both you and Regions were the targets of criminals who were attempting to get you to share your confidential information with them. Allow us to thank you for calling this matter to our attention.

These types of e-mails are never generated by Regions or any of its subsidiaries, including Union Planters Bank. We never contact our customers via e-mail to verify or request security information of any sort, nor do we ask non-customers to provide any confidential information via e-mail.

We would like to assure you that because of our proactive monitoring programs, Regions is usually alerted almost immediately to the existence of such fraudulent e-mails. Our practice is to then work with appropriate law enforcement authorities to track down their source and on any subsequent necessary measures.

If you replied to the e-mail and provided confidential information, or should you have any questions or need any additional information, please feel free to contact us at 1-800-REGIONS (734-4667). Or, if you are a Union Planters Bank customer, please call 1-800-585-5361. Please do not respond to this e-mail.

Here are some additional steps you can take if you have replied to the e-mail and provided confidential information.

Regarding Online Banking
- Change your password immediately and follow up with a call during business hours to our Online Banking Support Centers
  - Regions – 1-800-395-1856
  - Union Planters – 1-800-585-5361

Regarding Debit & ATM Cards
- Union Planters – call 1-800-921-0086 and select the option to report the card lost or stolen
- Regions – call 1-800-295-8472 and select the option to report the card lost or stolen
OR
- Regions – call the Right Call at 1-800-843-9234 to use the automated system to block the card(s)

Regarding Bank Name Credit Cards
- Call the Consumer Card After-Hours Number – 1-800-362-6299
- Call the Business Card After-Hours Number – 1-800-892-3219

Identity theft is a growing problem throughout the world, and we take our commitment to working to stop it very seriously – as we hope is evidenced by our membership in the financial industry’s Identity Theft Assistance Corp. To learn more about how Regions is protecting your privacy and/or what steps you can take to ensure that your financial and personal information remain safe, please visit our Web site at http://www.regions.com/personal/email_fraud.html.

Regions Online Banking Customer Service
Regions Financial Corporation
Member FDIC

(I added emphasis to what I believe are the relevant parts.)

Regions Bank definitely should be commended for getting this one right.

Update: Oops! In my original post, I included Jake's suggested auto-response instead of the real one from eBay. This has now been fixed.

Posted by Jeff at March 24, 2005 02:57 PM