Saturday, April 21, 2007

Overstock a phising site?

I recently got a very scary email. It said that I had purchased ladies Gucci glasses off of eBay and asked for me to pay. Well I had heard of phishing e-mails before, so I went on ebay.com (without clicking any links in the email) and checked my account. And what do you know, I DIDN'T BUY ANY GLASSES!

So I reported the email to eBay. They sent back the confirmation letter saying that they didn't send me the email.

I decided to do a little further research. The email said it was from emmajayne1981. The item number was valid on eBay (as Gucci glasses too) but I wasn't the winning bidder. I looked a little deeper into the email. I found the real email address as 834588375021345.009.2055.46986.1@obay.com .

oBay.com. That's actually kinda clever.

Normally you can't get an email unless you have an affiliation with that company or you purchased or registered for an email through that site. So I typed obay.com into Internet Explorer and found something wierd. Overstock.com's website. Overstock is a competitor of eBay.

Now I couldn't prove that Overstock owned this website just yet. This could have been fake, just like that email. I headed over to Network Solution's website. If you type in a websites address it will tell you everything about it, including who owns it. Turns out that Overstock really does own it.

This seemed kinda wierd so I searched oBay on Yahoo!. I found a news article saying that Overstock orignally was going to be called Obay putting a big emphisis on the O. They bought the site domain but couldn't call themselves Obay. This is a copywright infrigement on eBay's name. So they kept the domain but changed the name of their site.

Now my question is, since this email came from an Obay domain, does that mean that Overstock is phishing eBay customers?

I'll leave it to you to think about.

5 comments:

Anonymous said...

It's easy to spoof return emails, and I bet ebay.com is a serious red flag for phishing filters, so whoever sent it spoofed his email as obay just to look like ebay and have a better chance of getting through.

Respectfully,
Patrick

Anonymous said...

PS I should have identified myself more clearly: I am the CEO at Overstock.

Brandon Lee said...

Well thank you for writing to me. I guess I didn't do my research. You sure did however, finding me and all. The only thing I wonder now is why they chose an obay name instead of ebay?

I will post an update with this information so you don't get a whole conspirasy group after you. ;)

Jeff and Charli Lee said...

I am constantly battling fake ebay and paypal spoof emails. It doesn't bother me too much because I know better than to follow their links. But I am worried about people with less experience getting trapped by these phishing schemes. This is one area that I think could use some better regulation.

B. M. Lee said...

Sorry. Brandon is my gmail account.