Don't give your details to a Phishing Email Scammer!

Views 16 Likes Comments Comment
Like if this guide is helpful
A 'Phishing' or 'Spoof' email is an email that appears to have come from an organisation, but is actually from a scammer hoping to get their greedy hands on your account and/or personal information. Some may just be after your eBay account login details to hijack it. With your eBay account, they would list expensive items and scam unsuspecting new eBay users with it. They would be especially successful if you have a high feedback rating. Some will ask for stuff like your address, credit card details, etc. If you PayPal account gets hijacked, then they'll go on spending sprees. Even if you're able to recover the money, it'll be a a pain to deal with. Also, PayPal will probably give an honest seller a hard time with a chargeback. The seller will probably have posted their item, then had the money taken back by PayPal, and PayPal will charge the seller £8 for the privilege...so it's not just about the eBay'er that has his/her eBay / PayPal account hijacked!

The spoof emails come in many forms mimicking genuine emails. eBay and PayPal have become the most commons type.

WHAT TO LOOK FOR

The email beginning with "Dear eBay member" is a right give away. eBay / PayPal always use your full registered name.

Some might have "Your registered name is included to show this message originated from eBay" at the top, yet your name is nowhere to be found.
Spelling errors is another give away but many of the spoof emails have become so realistic that they do not have any spelling errors.

Some will ask you to click on a link within the email asking you to "Verify your account". Always log into your PayPal, eBay, (account with any other organsation keeping your personal details) by typing the address into your browser (or use your own bookmarks, I suppose). They will not ask you to click on links within your email.

The URL's will usually be disguised using HTML but some have URL's that look like an eBay address with slight variations.

For example: www.e8ay.com, www.ebbay.com

Some may look something like: www.ebay-com.ws/etc/etc... (The URL address has .WS suffix, not .com)

If it's disguised using HTML, then when you load the address, it may even begin with a series of numbers.  e.g. 125.121.157.52. That is an example of an IP address I made up. All computers connected to the Internet have a unique IP address. URL's (i.e. www.ebay.co.uk) actually point to an IP address. Obviously, we have URL addresses because they are easier to remember. The IP address in a spoof email may be the scammer's IP or their web host. eBay have their own domain so their pages address do not show the IP at the front.

You should not click on links in spoof emails in case the scammer has viruses on their eBay look-alike site. Make sure you have a firewall installed as well as Anti-Virus program. Update this weekly. If you hover your mouse pointer over a URL in a spoof email, either in an email client like Outlook / Outlook Express or in a webmail account in your web browser, the 'true' address will apear either in a tool tip box or in your status bar.

An address like www.ebay.com may actually take you to a site outside of eBay.

For example: http://www.ebay.co.uk

That'll take you to eBay Ireland, not UK despite it displaying an eBay UK address. (if I did it right at least)

Ever noticed the yellow padlock in the status bar of Internet Explorer when you log into some sites?
...or your address bar turning yellow in Firefox?
...or that yellow box at the end of the address bar with a padlock in Opera browser?

The URL will begin with https instead of the usual http. That means that the page uses SSL (Secure Socket Layer (or something)) encryption and details submitted are scrambled. Sites need to buy Security Certificates from companies that do this, and a phishing site would not have secure pages. The eBay Sign in page is secure so look out for the 'secure page' indciators (padlocks, yellow bars, https). The entire PayPal site is secure.

TYPES OF PAYPAL / EBAY SPOOF EMAILS

eBay Billing / Confirm your detail - These usually say that if you don't confirm your personal details, or that you haven't paid your eBay invoice. It'll go on about suspending you if you don't sort it out before a certain date. It'll usually have a link for you to sign in.

Ask the Seller a Question - Often with a message like, "where's my item? I've paid and waited over a week. Email back or I'll report you!". The emails look just like the authentic ones with the 'RESPOND NOW' yellow buttons, but using that button takes you to a fake sign in page. If you enter your login details and hit ENTER/ press submit, your login details will be sent to the scammer.

Verify PayPal Account - Often tells you that there has been unusual activity, or your details are not up to date so to do it before a certain date.

eBay Item Won - You may get one saying you have won an item that you've never heard of.

Second Chance Offer - An item that you've bid on but not won. The item may be real and may actually be something you've bid on. Usually high profile items. If the price looks too good to be true, then it probably is!

Power Seller Invitation - I've been getting a Silver Power Seller Invitation spoof even before I got my Bronze Power Seller badge. I was only making enough sales for Bronze so that was my give away. The email really does look authentic though. Can't remember what the real one looks like. I actually thought the real one was a fake because of all these stupid spoofs. Only difference with the real invitation for me was that it was for Bronze Power Seller status.

There may be others that I've not seen. You may get spoof emails that look like they come from banks. Even your own bank.


=====================

Stay safe (because I'm sick of reading about people falling for these emails in the papers and on the eBay Community boards). Keep your eyes peeled.

Forward eBay spoof emails to:

spoof@ebay.co.uk / spoof@ebay.com

Forward PayPal spoof emails to:

spoof@paypal.co.uk / spoof@paypal.com

They may actually do something about the fake sites by reporting the site owners to their hosts and having their accounts suspended.

Thanks for reading!
Have something to share, create your own guide... Write a guide
Explore more guides