Phish story

Network World has a story today about a phishing exploit that was so realistic that even Ebay’s anti-spoofing team believed it was authentic. The blogger who first reported the incident says that he reported the suspicious e-mail to Ebay but was brushed off, even though there were several characteristics of the message that just didn’t make sense. That’s a pretty depressing commentary on the state of phishing, considering that Ebay is probably the most exploited domain in the phishing world. I’m sure just about everyone has seen a convincing come-hither message purportedly from Ebay that really referenced a server in Eastern Europe somewhere.

I think 2006 will be the year that phishing takes center stage in the media coverage of computer security. It was all about spyware this year, but spyware is a slippery and often hard-to-define concept. Phishing, at least, you can understand. Unfortunately, phishing is also one of the most effective identity theft tactics there is. I was personally taken in by a phishing attack several years ago before I realized my mistake and had to scramble to change my Ebay password. And I’m presumably a lot more savvy about this stuff than the average user.

If phishers are good enough to fool even the trained investigators at Ebay, I think we’re in for a long year of creative and effective attacks.
