I got an email today regarding an auction, asking me some questions about the item. I was quite confused, as I was not selling anything, and looked up the item listing. It was an actual listing, but I’m not associated with it, and there’s nothing in my account regarding current auctions, so I haven’t been hacked (this time).
However, it is very lucky that I cut and pasted the item number and did my own search, rather than clicking on any of the links in the email to find it.
I’ve got another one in my spam folder that I discovered this afternoon. These emails are cleverly made to look EXACTLY like the emails you get through eBay. However, every link is redirected to a foreign site. Even the link about reporting it to eBay is redirected to that site. And if you go there, I am betting that you will be asked to log in, and snap, just like that, your account is hacked.
If you get an email asking you about an item, and you haven’t listed that item, be wary. Heck, even if you have, double-check the links before you reply. It’s really easy to double-check them, as if you put your mouse on a link without clicking it, it SHOULD tell you the address on the bottom of your screen. Note the bottom left corner of the image:
That is the IP address that the hacker is redirecting you to. It’s not eBay. The other email I got had it going to somewhere else, but it still wasn’t eBay. I’ve reported the first and am about to report the second. You can report them by forwarding them to spoof@ebay.com or by filling in their online form. If you get one spoofing PayPal, send it to spoof@paypal.com.
The standard safety rules still apply…think before you click…
Another clue in the above cited example is the inquirer’s crappy usage of English. Not that everyone who uses eBay has flawless English, but knowing what we know about strange phrasings in many phishing scams it should raise a red flag.
English can be a clue, but the other ones I got were flawless. Total received is three for eBay and one for PayPal. Only one made it to my inbox, today, the rest were sent to bulk mail between today and last week.
NEVER click on the links in these e-mails, no matter how authentic they look. If there’s even a small chance that they’re real, you can go directly to eBay.com, or PayPal.com or whatever the supposed site is and access the information directly using your logon information.
I’ve had some of these that look completely legitimate. They even contain some REAL links to the real site, eg to “contact us”. However, most of the links are bogus like the one Beth so expertly pointed out.
It doesn’t matter who the email looks like it’s from, or how neat the included photo / movie / whatever may sound, or how official the email seems, or especially how much trouble you think you’ll get in for not doing it: DON’T DO IT. Don’t open the attachment, don’t view the photo, don’t click the link.
Two things to realize about email:
If a government or financial institution wants to contact you, especially about money, it will never ever be by email.
No matter how good your security, no matter how knowledgeable you are, you can never be 100% certain who an email really came from unless you actually saw them send it.
If you actually follow these rules, it’ll keep you safe from the great majority of the scams that are out there.
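The hover check from the original post (where a link really goes versus what the email shows), automated for a saved message body. This is an added example, not part of the original thread; the trusted-domain list, the sample message and its addresses are constructed assumptions.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlsplit

# Assumption: the only sites a genuine message should link to.
TRUSTED = ("ebay.com", "paypal.com")

# Constructed sample body; hosts use reserved documentation ranges.
SAMPLE = """
<a href="http://192.0.2.10/signin">Respond Now</a>
<a href="http://ebay.com.example.net/report">Report this email to eBay</a>
<a href="https://www.ebay.com/">Contact us</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def classify(href):
    """Return (host, reason); reason is None when the host is trusted."""
    try:
        host = (urlsplit(href).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL, e.g. an unclosed bracket
        return "", "unparseable URL"
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return host, None
    try:
        ip_address(host)
        return host, "raw IP address"
    except ValueError:
        return host, "not a trusted domain"

def audit_links(html):
    """List (visible text, real host, reason) for each suspect link."""
    parser = LinkCollector()
    parser.feed(html)
    checked = [(text, *classify(href)) for href, text in parser.links]
    return [c for c in checked if c[2]]
```

Calling `audit_links(SAMPLE)` reports the first two links and passes the third, which mirrors the point made in the comments that these emails mix real links with bogus ones.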