Fake eBay e-mails

[Babe RuthLess]

Hi everyone, this message goes specially to those of us who are registered and use eBay regularly...

From time to time we all receive fake e-mails claiming to be from various sources (banks, e-commerce sites, etc.). I have received several such e-mail from "eBay" (well, idiots pretending to be from eBay) so, whenever I receive something asking me to log in there, I just report the e-mail.

eBay will, from time to time, send you e-mail advertisements (like special discounts if you list an item starting £1, etc.). They also send you "watch notice" e-mails telling you that some auction you're watching is going to end.

EBay has never sent me a real e-mail asking me to update anything.

This is all very obvious. So why am I telling you this? Because today I received a spoof "ebay" e-mail that freaked me out. The link it provided started the same way all eBay safety tutorials tell you a proper eBay link should (even with https://, plus the proper server, etc.). The language was exactly what you've come to expect from them. All in all, this one almost had me (the link was precisely what eBay tells you it should be!)

And yet, since the e-mail was still "suspicious" (giving a link for updating account info) I reported it to eBay and guess what... It's a new and admittedly more sofisticated spoof.

So, just to reinforce: DO NOT trust any e-mails telling you to update profiles, etc. ALWAYS contact the company that supposedly sent you the e-mail and ask them what's happening. NEVER access any type of account or password-protected site (even a forum likes this one...) from an e-mail link.

That's it I guess. Please share your spoof e-mail stories so we can all learn

Cheers!

[Tahrey1043]

i had an interesting one recently that didnt ask me to divulge any personal information, just to go to their site and log in as they had detected "potential unsanctioned transactions" or some other legal speak like that - basically that my account was suspected as being compromised because of some dodgy actions.

all well and good, until i realised... hey... they're not telling me to navigate to ebay and do this... they're asking me to click the link below and enter my username and password. ahem. that's not standard safe practice.

quick right-click of the link showed it to be a very simple html spoof (ie address displayed is not address linked to), although the server in question had "ebay" in it's name, it was definately arrange so it was X persons "ebay" sub-server (just as yahoo has a "mail" and "uk" subserver - as well as a "www" one, which isnt actually a standardised address thing, you have to set it up special at your own end) so it would be a very hard thing to have taken down... page looked convincing enough, but how hard is it to rip of someone else's code? Not very.

going via the real-life www.ebay.com / www.ebay.co.uk revealed no such actual concerns

so simple and yet so sneaky - who ever did it was a pro conman to make it convincing with such low-tech non-hacking methods.

is this the one you mean?

[carmadaaron]

im a new user on there.... didnt know ppl can pretend to be ebay

[polopowah]

my dad had one of these to do with his paypal account
they wanted very personal details, Bank, Location etc, but what gave it away was that the email address did not correspond to paypal ([email protected])
be careful people!
-Ben-

[ste mk1lx]

my dad get's these all the time funny thing is though the email address they come in on isn't his eBay profiled one (they come in on his old profiled email address), hence why I know they are definate spoofs.Rember eBay will always use your eBay name in emails to you and not just 'Dear eBay member' .