Hi all,

Some months back, I had someone try to sign up for hosting with the domain "cgi17-ebay.com". A few other factors did not add up (such as, no payment was made and they did not respond to emails asking if they wanted to make payment and continue with setup), but even so, this really really looked like a domain that someone would have tried to use in a phishing scam. It was just too obvious. (To make matters sillier, they wanted us to register it.) We did not process the account signup, though we did wait for 72 hours before completely voiding the order.

My question is: should suspected phishing signup attempts be reported to someone, and if so, whom? Where would you draw a line at "looks obviously suspicious"? Would it have to be something like the ebay knockoff attempted above?

With all the ebay related scams I would report to ebay or paypal. The problem I have had in the past is finding a contact to report to. Paypal and ebay are use so many preset trouble forms you can't find a direct email.

When trying to report a user selling pirated copies of software recently I ran into problems with paypal because my account had no been affected. Finally the software vendor had to contact paypal. By that time two users had already been scammed out of money.

I have had this kind of thing before but just refused to host thesite.
I was also asked to register the domain in my name so that made my mind up even more..

I would like to know where you can report it to but I dont know anywhere to be honest.
Paypal has really bad support so I wouldnt even bother contacting them now

Like RoxOff and John have stated... try contacting either ebay or paypal. I have had problems like this in the past. I think the domain was like upgrade-yahoo.com or something like that. Again the user was not wanting to purchase the domain themselves and wanted us to register it under our name and let them use it.

They kept telling me that they had a thing similar to DEAD AIM which was to be used with yahoo instant messanger. I asked them several times why the domain name was to be registered under our business and not theirs. Their answer was simply "it's more convenient".

I picked up on that rather fast.

This particular issue is long since gone - but in the future, if we see any sites that look like they're trying to register something that looks like a phishing domain, contact the actual valid domain holder, then?

here you go Lesli, check out this site:
http://www.antiphishing.org/report_phishing.htm

Thats to report any sites or emails which are phishing

Thanks, Rob - that looks like a plce to start.

I'd really like to see these individuals tracked, identified, and punished. Wonder if there are statistics on how frequently that happens vs. the successful phishing attempts (ie, the &!&^#% phish that got away)?

There is a article in the newest PingZINE on this, I would report it to that site.

the site in this post max?
I have seen a lot of sites which are doing this but most of the time I can see something on them thats different and noticable from the real sites, sometimes its not so easy though

Yes, the site in this post