I feel like an idiot. Today I got the following email.
eBay eBay Safeharbor Notice (25640254) – TOS violation / Account compromised
Dear *****@yahoo.com,Your bank has contacted us regarding attempts of charges from your credit card via the eBay system. Also, unusual activity was also detected on your eBay account. We have reasons to believe that you changed your registration information or that someone else has unauthorized access to your eBay id. Due to recent activity, including possible unauthorized listings placed on your account, we will require a second confirmation of your identity with us in order to allow us to investigate this matter further. Your account is not suspended, but if in 48 hours after you receive this message your account is not confirmed we reserve the right to suspend your eBay registration. If you received this notice and you are not the authorized account holder, please be aware that it is in violation of eBay policy to represent oneself as another eBay user. Such action may also be in violation of local, national, and/or international law. eBay is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the full extent of the law.
To confirm your identity with us click here:
https://signin.ebay.com/aw-cgi/eBayISAPI.dll?OneTimePayment&AcctivityConfirm&ssPageName=h:h:sin:US
After responding to the message, we ask that you allow at least 72 hours for the case to be investigated. Emailing us before that time will result in delays. We apologize in advance for any inconvenience this may cause.Thank you for taking these simple steps to ensure safe trading on eBay.Sincerely,Matt Halprin
Vice President, eBay Global Trust & Safety Policy
http://www.ebay.com/Visit our Privacy Policy and User Agreement if you have any questions.Copyright © 2006 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
eBay and the eBay logo are trademarks of eBay Inc.
eBay is located at 2145 Hamilton Avenue, San Jose, CA 95125.
Without thinking, I clicked on the link (which I have included so you can see what happens). Bad idea #1. Notice the text of the link says https:// but the actual link is completely different and is http://. Of course I had not yet realized this when I click on it.
It takes you to a very legitimate looking eBay sign-in page (see below). So, again without thinking, I entered my eBay username & password. Bad idea #2.
Once signed in, I was taken to a very legitimate looking eBay account validation page. The first thing it asked me to do was to enter my credit card informaion and address so they can validate my account. Finally the red flags started flying and I am happy to say my stupidity ended right there.
Immediately I realized I was the victim of a phishing scam and/or email spoof. I immediately went directly to the real eBay and changed my password (since they now have my original account password). I also forwarded the original email to spoof@ebay.com. I’m so glad I woke up before I entered in my credit card information. I can’t even imagine how many people fall for this. If I almost fell for this, I know many others have blindly submitted all their information to these crooks.
If you ever get a similar email, immediately log in to your account on eBay (get there by typing in ebay.com into your browser so you know you’re at the right place). Check “My Messages” in your eBay account, because every email eBay actually sends to you will also be here.
Also, check this page for more information about eBay email spoofing. This isn’t the first time I’ve received an email like this, so I’m surprised I didn’t pick up on it sooner.
UPDATE: I received a response back from eBay, and sure enough they verified the email I received was a known spoof.
hey i recived the same email today was sucha pain in the arse because i gave in my details and then had to change my password 5 minutes later when i realised what the hell it was lol
I clicked on a similar one the other day but then noticed that it had an IP address in the address bar.
I looked back at the email and noticed that it came from a Wachovia address. That was silly.
Thanks for This page! Banks and other money institutes have send out warnings saying they will never ever ask for any personal information, so I was a bit Hmm when I got this mail. I coopied the long “click-me-address”, placed it in Search at Yahoo and came here. Big grin… Once again. Thank you for this page. It made me feel calm.
I haven’t gotten it from ebay but I get one from paypal at least once a week and they even try to phish me with my bank. You’re information is very helpful, thanks.
I like this site, very well organized, with good content. I’ll definitely check back in…Thanks