Thursday, August 16, 2007

Reporting phishing to eBay? Don't email abuse....

I received a good phishing email today; so good that I actually had to devote some brain cycles to make sure that it was indeed a phish. Being involved with computer security incident response myself, I write a nice report about the message, sign it, and send it off to abuse@ebay.com.

To my surprise, it bounces back with a message stating that "This email address is no longer in service".

Wft?!

I would think it is in the best interest in any organization to have a working abuse address; let alone a company that is pretty much constantly under attack. How dumb can you be to discontinue an RFC-recommended email address that anyone who knows a little bit about incident response would use?

No comments:

Post a Comment

Please share your view and opinions on what I wrote. In order to maintain quality, all comments will be moderated for merit. Contributions that call me out on statements that appear unfounded, wrong, or simply with which you disagree are highly appreciated and are even encouraged. Spam and 'me too' answers will be ignored.