Protect Yourself
Phishing (Spoof) Tutorial
What is a Phishing (Spoof) Email?
Phishing email can be a major problem for unsuspecting Internet users. Claiming to be sent by well-known companies, these emails ask consumers to reply with personal information, such as:
- Credit card numbers
- Social security number
- Account passwords
- Other sensitive information
These deceptive emails are sometimes called "Spoof Emails" because they fake the appearance of a popular Web site or company in an attempt to commit identity theft.
Note: Phishing emails are also known as hoax or spoof email. We'll be using all of these terms throughout this tutorial.
Common Deceptive Tactics of a Phishing Email
This tutorial will help you protect your account by preventing you from falling for a Phishing email. The lessons learned here can be applied not only on eBay, but wherever you do business online.
One common example of a phishing email can be seen below:
Forms requesting login or personal information within the email are a clear indication of phishing. Do not respond to these types of email.
Think an email is a Spoof? Forward it to spoof@ebay.ca.
Verify eBay Email in My Messages
If you get an email looking like it's from eBay that talks about a problem with your account or requests personal information and isn't also found in My Messages, it's a fake email.
Note: My Messages only applies to emails from eBay.
Verifying an eBay Spoof is Easy
My Messages is the definitive, legitimate source for any email from eBay that affects your account.
The bottom line - if an email affects your eBay account, it's in My Messages.
IMPORTANT: The "From" field of an email can easily be altered - it is not a reliable indicator of the true origin of the email.
Sign in to My Messages to verify your eBay email.
Warning Signs of a Phishing Attempt
Watch out for:
- Email messages that encourage you to reply with confidential information.
- Email messages with hidden links or URLs that appear to go to a legitimate site but actually take you to an unauthorized site.
Tip: Instead of clicking a link, type the link directly into the browser window.
The best way to protect yourself from phishing is to learn how to recognize an attempt.
We'll take a look at some of the warning signs in the next few examples.
Sender's Email Address
A spoof email may include a forged email address in the "From" line.
Some may actually be real email addresses that have been forged.
Do not assume that the "from" line is authentic.
Email Greeting
Many Spoof emails will begin with a general greeting such as "Welcome eBay User" rather than personalized with your name.
Scare Tactics and Urgency
Phishers use scare tactics, often with a sense of urgency, warning you that you may not have access to your files if you do not give them the information they are seeking.
Links
While many emails have links included, just remember that these links can be forged too.
Take a look at the URL this link is really pointing to.
Requests Personal Information
Requests that you enter sensitive personal information such as a User ID, password or bank account number by clicking on a link or completing a form within the email are a clear indicator of a Spoof email.
Spotting a Fake Web Site
You can count on the fact that a Spoof email will take you to a fake Web site.
Take a look at the example below. Often, the link in the email will not match up with the URL of the site it takes you to.
You can hover your mouse over the link to see where that link will take you before clicking it.
Never click on a link in an email if you are unsure of its origins, especially if the email asks for personal financial information.
Legitimate eBay Web Addresses
To determine if the Web address in your browser is a real eBay address, look for ".ebay.ca" or ".ebay.com" immediately before the first "/". In the below examples, notice that there must be a "." before "eBay.ca" or "ebay.com" for the address to be legitimate.
Fake eBay addresses:http://signin.ebay.ca@10.19.32.4/
http://signin-ebay.ca/
http://signin.ebay.com@10.19.32.4/
http://signin-ebay.com/
Real eBay addresses:
https://signin.ebay.ca/
https://signin.ebay.com/
Tip: If you have any doubt about the authenticity of an eBay or PayPal email, simply open a new Web browser, manually type in www.ebay.ca or www.paypal.ca and perform the requested activity.
What to Do About a Phishing Attempt
The good news about phishing attempts is that you are in control.
You can protect your personal financial information by ignoring the spoof email altogether. You should never provide contact, sign-in or other sensitive personal information in an email.
Protecting Your Accounts
The protection practices outlined below can be applied not only to eBay, but to your bank account, your ISP account and virtually any other online account you hold.
Note: Vigilance is the best line of defense - Periodically check your account and change your password. Visit eBay's Security Centre for more information about passwords.
Scan for Viruses
Frequently scan your computer for viruses and make sure your virus software, operating system, and browser patches are up to date.
Visit eBay's Security Centre to learn more about viruses and virus protection.
Available to eBay consumers at no additional cost, Microsoft Security Essentials is the industry certified, anti-malware solution that helps address the ongoing security needs of genuine Windows PCs -- helping protect them from viruses, spyware and other malicious threats.
Be Smart About Passwords
To prevent someone accessing multiple accounts, it is effective to have different passwords for each account. Also, a good password will include a combination of letters and numbers - this makes it more difficult for people to guess the password.
Visit eBay's Security Centre to learn more about password security.
Important: If you think your account security may have been breached, change your account password immediately. Learn How to change your password
Vigilance Is the Best Line of Defense
You should periodically check your accounts to see if there is any suspicious activity.
If you think you entered your personal financial information into a spoof site, contact your bank and credit card company immediately.
Reporting Account Theft and Phishing Attempts
If you feel your account has been compromised, please report it here:
http://pages.ebay.ca/help/account/securing-account.html
If you've received a phishing email, forward it to spoof@ebay.ca and then delete it.
Conclusion
It's now up to you to watch for and report phishing attempts.
By reporting phishing attempts and spoof Web sites to eBay, you help us protect the rest of the community by warning members and working with the ISPs to get the sites disabled.
