Phishing email can be a major problem for unsuspecting Internet users. Claiming to be sent by well-known companies, these emails ask consumers to reply with personal information, such as:
These deceptive emails are sometimes called "Spoof Emails" because they fake the appearance of a popular Web site or company in an attempt to commit identity theft.
Note: Phishing emails are also known as hoax or spoof email. We'll be using all of these terms throughout this tutorial.
This tutorial will help you protect your account by preventing you from falling for a Phishing email. The lessons learned here can be applied not only on eBay, but wherever you do business online.
One common example of a phishing email can be seen below:
Forms requesting login or personal information within the email are a clear indication of phishing. Do not respond to these types of email.
Think an email is a Spoof? Forward it to email@example.com.
If you get an email looking like it's from eBay that talks about a problem with your account or requests personal information and isn't also found in My Messages, it's a fake email.
Note: My Messages only applies to emails from eBay.
My Messages is the definitive, legitimate source for any email from eBay that affects your account.
The bottom line - if an email affects your eBay account, it's in My Messages.
IMPORTANT: The "From" field of an email can easily be altered - it is not a reliable indicator of the true origin of the email.
Sign in to My Messages to verify your eBay email.
Watch out for:
Tip: Instead of clicking a link, type the link directly into the browser window.
The best way to protect yourself from phishing is to learn how to recognize an attempt.
We'll take a look at some of the warning signs in the next few examples.
Sender's Email Address
A spoof email may include a forged email address in the "From" line.
Some may actually be real email addresses that have been forged.
Do not assume that the "from" line is authentic.
Many Spoof emails will begin with a general greeting such as "Welcome eBay User" rather than personalized with your name.
Scare Tactics and Urgency
Phishers use scare tactics, often with a sense of urgency, warning you that you may not have access to your files if you do not give them the information they are seeking.
While many emails have links included, just remember that these links can be forged too.
Take a look at the URL this link is really pointing to.
Requests Personal Information
Requests that you enter sensitive personal information such as a User ID, password or bank account number by clicking on a link or completing a form within the email are a clear indicator of a Spoof email.
You can count on the fact that a Spoof email will take you to a fake Web site.
Take a look at the example below. Often, the link in the email will not match up with the URL of the site it takes you to.
You can hover your mouse over the link to see where that link will take you before clicking it.
Never click on a link in an email if you are unsure of its origins, especially if the email asks for personal financial information.
To determine if the Web address in your browser is a real eBay address, look for ".ebay.ca" or ".ebay.com" immediately before the first "/". In the below examples, notice that there must be a "." before "eBay.ca" or "ebay.com" for the address to be legitimate.Fake eBay addresses:
Tip: If you have any doubt about the authenticity of an eBay or PayPal email, simply open a new Web browser, manually type in www.ebay.ca or www.paypal.ca and perform the requested activity.
The good news about phishing attempts is that you are in control.
You can protect your personal financial information by ignoring the spoof email altogether. You should never provide contact, sign-in or other sensitive personal information in an email.
The protection practices outlined below can be applied not only to eBay, but to your bank account, your ISP account and virtually any other online account you hold.
Note: Vigilance is the best line of defense - Periodically check your account and change your password. Visit eBay's Security Centre for more information about passwords.
Frequently scan your computer for viruses and make sure your virus software, operating system, and browser patches are up to date.
Visit eBay's Security Centre to learn more about viruses and virus protection.
Available to eBay consumers at no additional cost, Microsoft Security Essentials is the industry certified, anti-malware solution that helps address the ongoing security needs of genuine Windows PCs -- helping protect them from viruses, spyware and other malicious threats.
To prevent someone accessing multiple accounts, it is effective to have different passwords for each account. Also, a good password will include a combination of letters and numbers - this makes it more difficult for people to guess the password.
Visit eBay's Security Centre to learn more about password security.
Important: If you think your account security may have been breached, change your account password immediately. Learn How to change your password
You should periodically check your accounts to see if there is any suspicious activity.
If you think you entered your personal financial information into a spoof site, contact your bank and credit card company immediately.
If you feel your account has been compromised, please report it here:
If you've received a phishing email, forward it to firstname.lastname@example.org and then delete it.
It's now up to you to watch for and report phishing attempts.
By reporting phishing attempts and spoof Web sites to eBay, you help us protect the rest of the community by warning members and working with the ISPs to get the sites disabled.