I try to sell some stuff that is sitting in the on eBay small ads. People will contact you via email or phone and ask for prices and pickup dates. Therefore it did not really surprise me to get a text message like this one here:
Tapping on the URL, I got to a login page. That was strange since a link to a public small ad should be, well, public. It also felt strange that the person just pasted a URL and did not refer to the product by name. Since I did not care to enter the password on my phone, I emailed myself the text message and opened it in the browser. And then, this happened:
To my shame I must say that I did not look at the URL closely enough. Luckily Firefox saved me with two features: the obvious blocking message as well as the sensible highlighting of the URL. There you can see that it is a plain phishing scam. Since I was already logged into eBay small ads on a different tab, I would have wondered why I had not been logged in again, if Firefox had not saved me.
I think this should not have happened to me, as I thought I would spot stuff like that. It has just been engineered well enough to trip me.
This highlights a thing that has been bugging me for a long time now: domain names are backwards! The hierarchy of the subdomains is roughly this:
A is the top-level-domain, often
B is the actual domain, say
C could be
D/E might be something like
en/articles. In full, it reads something like
www.martin-ueding.de/en/articles. As one can see with the phishing scam, the left-to-right reading direction and this ordering of name parts do not make too much sense.
If the URL had been
and one would expect
http://de.ebay-kleinanzeigen, I would certainly not have
fallen for it. But with the URL starting off with
looks pretty legit.
The same goes for the German date format DD.MM.YYYY. Also "Firstname Lastname" is somewhat odd. But there is no way to change that now; this is just another idiosyncrasy that one has to work with.
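To make the point about domain name ordering concrete, here is an added example (not part of the original post) that splits a hostname into its registrable domain and subdomain labels, prints it most-significant part first, and flags a trusted name that appears only on the left. The URLs, the function names and the tiny suffix set are constructed assumptions; real code should use the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List, enough for the samples below.
PUBLIC_SUFFIXES = {"de", "com", "org", "net", "co.uk"}

# Constructed sample URLs (example.com is a reserved documentation domain).
LEGIT_URL = "https://www.ebay-kleinanzeigen.de/s-anzeige/123"
LOOKALIKE_URL = "http://ebay-kleinanzeigen.de.example.com/login"


def split_host(url):
    """Return (subdomain_labels, registrable_domain) for the URL's hostname."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".") if host else []
    # Walk from the longest candidate suffix to the shortest.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                break  # the hostname is itself a bare public suffix
            # The registrable domain is the suffix plus one label to its left.
            return labels[:i - 1], ".".join(labels[i - 1:])
    return [], host  # unknown suffix or IP address: treat the whole host as the domain


def hierarchical(url):
    """Render the hostname most-significant label first."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return ".".join(reversed(host.split(".")))


def impersonates(url, trusted_domain):
    """True if the trusted name shows up in the host without being the registrable domain."""
    subs, registrable = split_host(url)
    if registrable == trusted_domain:
        return False
    host = ".".join(subs + [registrable])
    brand = trusted_domain.split(".")[0]  # e.g. "ebay-kleinanzeigen"
    return trusted_domain in host or brand in host


if __name__ == "__main__":
    for u in (LEGIT_URL, LOOKALIKE_URL):
        subs, reg = split_host(u)
        print(f"{hierarchical(u):40} registrable={reg:25} "
              f"suspicious={impersonates(u, 'ebay-kleinanzeigen.de')}")
```

Written most-significant part first, the lookalike begins with `com.example`, so the part that decides who controls the site is the first thing read instead of the last.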