François Nonnenmacher (EN) | FR

I'm used to report phishing when I get one in my mailbox. Last Thursday (Jan 5) I received one attempt disguised as an eBay email asking me to verify my identity. I went to eBay.com, only to discover that they've removed all practical means to report such abuse. In order to report a security issue to eBay, you have to go through a registration process, which is utterly ridiculous.

So I reviewed the source of the email, did a whois on the phisher site, found that it was hosted by Telefonica in Spain and reported it to the abuse address listed on the IP range in the whois. Today I received confirmation from Telefonica that they shut the site down. Kudos to them for this, and taking the time to reply to me! eBay should thank them too, they care more about the security of eBay customers than eBay itself, apparently.

Speaking of phishing, I just discovered this anti-phishing group (heh, I see eBay has a prominent place on the sponsors list). Also Netcraft has an anti-phishing toolbar. I've tested neither of those, but I think that if there was some internet-scale way to submit a suspicious email and get the providers co-operate a bit, phishing attempts would not fly long before being caught and stopped.