How to Avoid Falling Into the Phishing Hole

Making Contact With the Scammer

When I e-mailed the person behind the scam and expressed interest in the fake auction of the 1961 Volkswagen Microbus, I received an e-mail from "Charles," who wrote:

"I'm glad that you're interested in my 1961 Volkswagen Bus/Vanagon Safari. Let me tell you all about this transaction. This was my brother's car, he died and left me the car in his will, I'm selling so cheap because it brings bad memories..."

"Charles" said that the car was in excellent condition and was located in Augusta, Maine. If I was interested, "Charles" said, I could use an escrow service called Yahoo Finance to send him the money to buy the car and pay for its delivery.

For the record, while Yahoo does run a business and finance site called Yahoo Finance, Yahoo does not run an escrow service by the same name.

Next, "Charles" explained, once Yahoo Finance received the money, the car would shipped by FedEx through a service called Passport Auto Transport.

The next day I received an e-mail purporting to be from Yahoo Finance. It explained how the service would hold payment to "Charles" until both parties were satisfied with the transaction. The e-mail instructed me to send payment by a Western Union money transfer to a Yahoo Finance "agent" located in Miami.

When I requested to speak with "Charles" over the phone, as a prospective buyer, I never heard back from him. The site hosting the fake eBay page is registered to Ivan Iargomski in Saint Petersburg, Russia, according to domain name registration records. Messages to that e-mail address were not returned.

While eBay and other sites may struggle to prevent attackers from planting cross-site scripting traps on their pages, eBay users can decrease their odds of falling prey by installing the free eBay Toolbar. This browser add-on, which works only with Internet Explorer, alerts you if you're redirected from eBay to a third-party Web site.