[MrsJim]

I know that there are a LOT of folks here who love eBay...but very few eBay users actually visit their forums/community section so I wanted to call your attention to the SERIOUS matter of SPOOF emails (mostly because I've received several in the past two weeks...).

"Spoofs" are emails that look like they came from eBay, generally saying that your account has been or will be suspended UNLESS you click the link provided in the email and give some info...such as your credit card number, Social Security, etc. If you click the link, it takes you to a site that appears to be an eBay page, but is actually a 'mirror' of an eBay page.

These are NOT coming from eBay, but from CRIMINALS. (there may be some PayPal spoofs coming through as well, but as yet I haven't received any).

Each time I have received a spoof, I have forwarded it to [email protected] so they can investigate it. Here's a reply I recently received from them:

Quote:

Thank you for contacting eBay's Trust and Safety Department about email solicitations that are falsely made to appear to have come from eBay.
These emails, commonly referred to as "spoof" messages, are sent in an attempt to collect sensitive personal information from recipients who reply to the message or click on a link to a Web page requesting this information.

The email you reported did not originate from, nor is it endorsed by, eBay. We are very concerned about this problem and are working diligently to address the situation. We have investigated the source of this email and have taken appropriate action. You may rest assured that your account standing has not changed and that your listings have not been affected.

We advise you to be very cautious of email messages that ask you to submit information such as your credit card number or your email password. eBay will never ask you for sensitive personal information such as passwords, bank account or credit card numbers, Personal Identification Numbers (PINs), or Social Security numbers in an email itself. If you ever need to provide information to eBay please open a new Web browser, type www.ebay.com, and click on the "site map" link located at the top the page to access the eBay page you need.

If you have any doubt about whether an email message is from eBay, please forward it immediately to [email protected] and do not respond to it or click on any of the links in the email message. Please do not change the subject line or forward the email as an attachment.

If you entered personal information such as your password, social security number or credit card numbers into a Website based on a request from a spoofed email, you need to take immediate action to protect your identity. We have developed an eBay Help page with valuable information regarding the steps you should take to protect yourself.

To get to the "Protecting Your Identity" Help page from the eBay site, please click on the "help" link located at the top of most eBay pages and select the following topics when the "eBay Help Center" window appears:

Safe Trading > If Something Goes Wrong > Identity Theft

We encourage you to review additional information about protecting your identity found in the eBay Help system. Please click on the "help" link located at the top of most eBay pages and select the following topics when the "eBay Help Center" window appears:

Safe Trading > If Something Goes Wrong& > Account Theft > Account
Protection

Once again, thank you for alerting us to the spoof email you received.
Your vigilance helps us ensure that eBay remains a safe and vibrant online marketplace.
Regards,

Ian
eBay SafeHarbor
Investigations Team

Just a word of warning for all you eBay users out there!

[Ruthxxx]

Thanks. Much appreciated.

[melekalikimaka]

I've received many (probably 6 or more) spoof emails in the last month or so and being the suspicious person that I am, I automatically checked the Safe Harbor section of the authentic website and did forward the emails to the email address you listed. I received the same reply to each. If you've gotten one email, you're probably going to get more. Just be safe and never, ever answer those asking for the personal info.

What I would also like to add is that you should make an effort to check your account at least once a month or so whether you're a buyer or seller, because there have been instances of "Pirating" or account takeover by these evil scammers. They check for accounts with excellent feedback ratings and use those as fronts for selling big ticket items like autos or high priced auto parts, electronics, etc. I would suggest that you check the sellers feedback before buying anything over $1,000 (or whatever your comfort level is) and check the other items the seller may have sold. My DH has been scouring ebay for motocycles or motorcycle parts and has reported several pirated accounts to ebay. The fake seller lists what should be high ticket items for cheap, luring those unsuspecting buyers who think they are getting a steal! If you check the previous positive feedback, all the previous items sold are under $10 or less. Here is a response to an email from ebay in which he asked ebay to check on a sellers suspicious listing:

Quote:

Hello,

Thank you for writing with your concern.

Beware! Protect yourself from fraudulent emails that ask for sensitive
personal information like credit card numbers, passwords, etc. Just
because an email message looks like it is sent directly from eBay, it
isn't always. To learn more about protecting yourself from fake or
"spoof" emails, visit our User Account Protection page. Simply cut and
paste this Web address into your browser window:
http://member.ebay.com/ad/ck/1065-11789-3840-13

The recent items listed with this account were the result of an
unauthorized account takeover. Unfortunately, we were not aware of this
activity until some time after the listings appeared on the site. Once
we became aware of this activity, immediate action was taken. We are now
in the process of restoring the account to its true owner. At this time
the transaction in question should be considered null and void.

Let me suggest a few ways this could have occurred.

If the user had a relatively simple password or password hint question
it is possible that a third party was able to gain access to the account
by guessing the password.

It is also possible that the user could have unknowingly provided his or
her password to another party. Some eBay members have reported receiving
messages asking for User IDs and passwords. These messages appear to
come from eBay Support, but in fact are not. eBay will never ask for
sensitive information of this nature through email.

Finally, there are a number of computer viruses in circulation that log
and record keystrokes. It's recommended that computer users keep their
virus alert software up-to-date, and check their system often for
problems. A firewall for high-speed Internet users is also highly
recommended.

Please be aware that eBay urges caution when purchasing high-priced
items, especially if the price seems too good to be true.

We do not recommend the use of instant cash wire transfer services such
as Western Union and MoneyGram, and we ask that users decline sending
payment in cases where these are the only methods of payment offered by
the seller. Generally, if payment is sent using an instant cash wire
transfer service and the item is not delivered as promised, no recourse
is available for recovering funds. In most cases, a verified escrow
service should be used when purchasing high dollar value items. More
information on the benefits and risks of individual payment methods can
be found at:

http://pages.ebay.com/help/buy/payment.html
Again, thank you for taking the time to write. I appreciate your
continued help in keeping eBay a safe and fair place to trade!

Regards,

Jude
eBay Motors
Trust and Safety Department

Okay, it was more than 2 cents but I just had to comment on this since i am an avid ebay user.

Thanks Mrs Jim for posting this.

[usmcwifee]

I too have received several of these "spoofs" but only from paypal. And I knew better because the same morning I got the first one, msn.com news had a warning on it's website..talk about great timing!

I'm also an avid ebayer. Currently buyer, moving into the selling side of the game (yay for me).

Thanx for the heads up.

[Misti in Seattle]

Good caution about eBay! As an avid user of eBay I can certainly agree with your comments. Also would add... be very cautious about similar scams from those pretending to be from PayPal (eBay's main money transfer site).

Sue

[MichelleRae]

wow thanks for bringing this to my attention!!
Michelle

[herb1985]

Thanks for the heads up . I will keep an eye out for the bogus emails from fake ebay for sure.Always someone out there scamming its a shame.

[avondarcye]

I got one like that ,about Paypal, It addressed me as something like Dear Paypal memeber, Paypal never does that and has a link on site to report it I think its [email protected]

Beware

Darcye

[craft of flavor]

Hi I was wondering one thing regarding spoof mail. I had one come to me and i started going for it. I even went as far as filling out some of the information. But then something told me this was not right so i used the back button on my toolbar and than proceeded to make a few calls. But now i am wondering if the back button would delete the material i had inserted or if they could still read it. Ugh! Does anyone know?

[fatfornow]

Quote:

Originally Posted by craft of flavor

Hi I was wondering one thing regarding spoof mail. I had one come to me and i started going for it. I even went as far as filling out some of the information. But then something told me this was not right so i used the back button on my toolbar and than proceeded to make a few calls. But now i am wondering if the back button would delete the material i had inserted or if they could still read it. Ugh! Does anyone know?

Hi! I work for eBay so I thought I would just help out here.

If you were responding to an email, they couldn't see a thing unless you had actually sent it. If you were on a webpage that you got from a link in an email, they could possibly have harvested some simple information (not credit card numbers or anything, just your name or IP, etc.) or put something ugly on your computer like spyware. It also clues them in to the fact that you are a good mark and they may attempt to trick you more and more. It all depends. However, if you did not submit your information, then the information that was in the form was not sent and they did not get it.

To be safe, change your eBay password often, make sure it includes numbers and letters. And if you do get a spoof email, send it to eBay/PayPal right away. You may just get an automated response back from us, but I can assure you that we do investigate and that is how we catch the crooks and learn from them. So keep sending it in because it really does help.

[sugarholic]

My friend is a new mom and works full time, she too got one of these spoofs, however it came from paypal but when she clicked on the link it took her to ebay. Since she's so busy she didn't even pay attention to the fact that it could have been from a fraud. Within hours someone spent over $800 out of her bank account. Luckily it was right around xmas and she checked her account before going shopping or much more damage could have occured. So just a warning, watch for paypal emails like this too, and thanks for bringing it to everyones attention!

[katushkacz]

I got one email that "was" from PayPal. It was a receipt for over $300. First, I was shocked. Then I contacted PayPal and was told it was a spam email.

Well, I used to love Ebay until I bought a transmission for my car and never received. It was a good lesson.

[thinthinker]

PayPal and eBay are both good sources of SPAM emails, but also watch for banks. Last week I got one from a bank I didn't recognize and one with MY bank's logo on it.....Both were SPAM...

When in doubt....and be in doubt often.....call someone and doublecheck!!!!

[MrsJim]

Quote:

Originally Posted by thinthinker

PayPal and eBay are both good sources of SPAM emails, but also watch for banks. Last week I got one from a bank I didn't recognize and one with MY bank's logo on it.....Both were SPAM...

When in doubt....and be in doubt often.....call someone and doublecheck!!!!

What you're referring to is known as "phishing" in the industry. These emails are not eminating from eBay/PayPal or the bank in question.

The number one rule of phishing safety is simple:

NEVER click on links you receive in unsolicited e-mail.

Here are some additional tips you can use:

* Never open any unsolicited e-mail in your email accounts — delete them!
* Never give out your personal or financial information in a transaction you did not initiate.
* Check your credit report annually.
* Guard you PIN from being seen when you are completing a transaction at an ATM or in a store. Never write it down.
* Protect your passwords. Never write them down or enter them online unless you initiate the transaction.
* At home, use spam blockers, firewalls and virus protection software. Keep them updated.

Find out web addresses you want to enter from a trusted source, for example from a billing statement or by calling the company.

Then, type in the address yourself.

What kinds of information do phishers want?

Personal data: names, social security numbers, street addresses, telephone numbers, mother's maiden name, etc.
Financial data: bank account numbers, credit card numbers, passwords, PINS
Phishers will try and trick you into providing as much information as possible. They use this information to steal your identity or your money.

How do they do it?

Phishing is one of the fastest growing crimes on the net.

Phishers create realistic but phony version of things you’re used to seeing on your computer screen such as:

* e-mails
* pop-up windows
* web sites

Visa's Canadian website has a great article titled “Cut the Line on Phishing Scams" which includes detailed examples of what phish look like.

Phishers are always trying to come up with new tricks in addition to e-mail and web site fraud, such as:

Screen Grabbing - This form of phishing takes a picture of your screen instead of trying to trick you into sending information. It is programmed to take the picture just when you are entering sensitive data.

IRC and Instant Messaging - Internet Relay Chat (IRC) and Instant Messaging (IM) use graphics, URL’s, and multimedia. It will not be hard for phishers to adapt their phishing techniques to attack them. (this is one of the reasons that I personally do not use IM).

JPEG Phishing - Phishers can hide attacks in JPEG graphics, although, so far, the user must first save the graphic and open it from within Windows Explorer.

Small Fry - Those most often targeted are new users just beginning to shop or bank online. Gartner reported that of the 4 million consumers who encountered fraud last year when opening a new online account, approximately half said they also received a phishing e-mail.

Some solutions: In the past year, eBay and Google have both launched toolbars. I highly recommend that if you use eBay at ALL, that you download the eBay toolbar - it can help spot any phishing/bogus websites or emails pretending to be from eBay or PayPal (which of course is an eBay company).

If you use a Visa card to perform online transactions, sign up for Verified by Visa - which provides you with an additional wall of protection when shopping at sites which are signed up in the program (more are being signed up every day). If you go to the Visa link above, the page also has a link to find out more about Verified by Visa.

Oh and when you do get a phish email - send it as an attachment to the company site that is being spoofed - generally it's eBay or Paypal - [email protected] and [email protected] - Visa's is [email protected] - for other financial institutions check their websites.

["Yes-I-Can"]

I received some of these emails from ebay in the past. The first one I entered some personal information. Then I figured out that they were fake so I sent them to the spoof address. I've changed my password but I'm still nervous. You know how you can mark to keep you signed in on the computer unless you sign out? Well, I do that. Then the next time I go to ebay I have to sign in again. Is this normal or is someone likely to be signing in to my account? Any ideas?
Thanks a bunch.