Gee, I thought you were supposed to give something made of iron or wood on your sixth wedding anniversary, not a Lamborghini.

As I was shopping online last night for a gift for my husband, I received an e-mail from “bidconfirm @ebay.com” asking me to confirm or cancel my bid for a 2006 Lamborghini Roadster. My bid, according to the e-mail, was for $339,950 (still a bit shy of my maximum bid of $340,500, said the message, so I had room to comfortably up my price).

I was pretty sure I hadn’t placed that bid. Granted, I do a lot of online shopping, but something tells me I’d remember this one - and since many of my colleagues received the same e-mail message it’s safe to assume this was a phishing expedition.

At first blush this trick seems pretty stupid; who would actually hit the “confirm bid” button? Phishers usually send e-mail messages designed to lure unsuspecting recipients to a bogus Web site that is purported to be run by a source they trust so they’ll enter sensitive or financial information. Who would fall for this obvious scam?

But I think the phisher in this case is actually quite smart. Since the e-mail contains options to confirm or cancel the bid, I bet there are plenty of e-mail users out there who are afraid that eBay some how got them mixed up with the real bidder and they will be responsible for paying $339,000 if they don’t immediately click on the button to cancel the bid.

I didn’t try it, but I’d wager my Toyota that clicking on either links in the Lamborghini e-mail would direct me to a bogus eBay Web site where a keylogging program waits in the background for me to enter my personal information.   

---