Protect Yourself

Phishing (Spoof) Tutorial

What is a Phishing (Spoof) Email?

Phishing email can be a major problem for unsuspecting Internet users. Claiming to be sent by well-known companies, these emails ask consumers to reply with personal information, such as:

  • Credit card numbers
  • Social security numbers
  • Account passwords
  • Other sensitive information

These deceptive emails are sometimes called "Spoof Emails" because they fake the appearance of a popular Web site or company in an attempt to commit identity theft.

Note: Phishing emails are also known as hoax or spoof emails. We'll be using all of these terms throughout this tutorial.

Common Deceptive Tactics of a Phishing Email

This tutorial will help you protect your account by teaching you how to avoid falling for a phishing email. The lessons learned here can be applied not only on eBay, but wherever you do business online.

One common example of a phishing email can be seen below:

Forms requesting login or personal information within the email are a clear indication of phishing. Do not respond to these types of email.

Think an email is a Spoof? Forward it to spoof@ebay.ca.

Verify eBay Email in My Messages

If you get an email that looks like it's from eBay, that talks about a problem with your account or requests personal information, and that isn't also found in My Messages, it's a fake email.

Note: My Messages only applies to emails from eBay.

Verifying an eBay Spoof is Easy

My Messages is the definitive, legitimate source for any email from eBay that affects your account.

The bottom line - if an email affects your eBay account, it's in My Messages.

IMPORTANT: The "From" field of an email can easily be altered - it is not a reliable indicator of the true origin of the email.

Sign in to My Messages to verify your eBay email.

Warning Signs of a Phishing Attempt

Watch out for:

  • Email messages that encourage you to reply with confidential information.
  • Email messages with hidden links or URLs that appear to go to a legitimate site but actually take you to an unauthorized site.

Tip: Instead of clicking a link, type the link directly into the browser window.

The best way to protect yourself from phishing is to learn how to recognize an attempt.

We'll take a look at some of the warning signs in the next few examples.

Sender's Email Address

A spoof email may include a forged email address in the "From" line.

Some may actually be real email addresses that have been forged.

Do not assume that the "from" line is authentic.

Email Greeting

Many Spoof emails will begin with a general greeting such as "Welcome eBay User" rather than being personalized with your name.

Scare Tactics and Urgency

Phishers use scare tactics, often with a sense of urgency, warning you that you may not have access to your files if you do not give them the information they are seeking.

Links

While many emails have links included, just remember that these links can be forged too.

Take a look at the URL this link is really pointing to.

Requests Personal Information

Requests that you enter sensitive personal information such as a User ID, password or bank account number by clicking on a link or completing a form within the email are a clear indicator of a Spoof email.

Spotting a Fake Web Site

You can count on the fact that a Spoof email will take you to a fake Web site.

Take a look at the example below. Often, the link in the email will not match up with the URL of the site it takes you to.

You can hover your mouse over the link to see where that link will take you before clicking it.

Never click on a link in an email if you are unsure of its origins, especially if the email asks for personal financial information.

Legitimate eBay Web Addresses

To determine if the Web address in your browser is a real eBay address, look for ".ebay.ca" or ".ebay.com" immediately before the first "/" that follows "http://" or "https://". In the examples below, notice that there must be a "." before "ebay.ca" or "ebay.com" for the address to be legitimate.

Fake eBay addresses:
http://signin.ebay.ca@10.19.32.4/
http://signin-ebay.ca/
http://signin.ebay.com@10.19.32.4/
http://signin-ebay.com/

Real eBay addresses:
https://signin.ebay.ca/
https://signin.ebay.com/

Tip: If you have any doubt about the authenticity of an eBay or PayPal email, simply open a new Web browser, manually type in www.ebay.ca or www.paypal.ca and perform the requested activity.
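
The rule in this section can be written as a check on the host part of an address and run against the six addresses listed above. This is an added example, not eBay's code; the function name check_ebay_url and the TRUSTED_DOMAINS tuple are assumptions made for the illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# The two domains this page names as legitimate (assumed complete for the example).
TRUSTED_DOMAINS = ("ebay.ca", "ebay.com")

def check_ebay_url(url):
    """Return (is_ebay, reasons), judging the address by its host part only."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    reasons = []
    if "@" in parts.netloc:
        # Everything before "@" is a user name, not the site being contacted.
        reasons.append("text before '@' is not the host; real host is " + host)
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a bare IP address")
    except ValueError:
        pass
    # The leading "." is the page's rule: "signin-ebay.ca" ends with "ebay.ca"
    # but is a different domain, so it must not match.
    trusted = any(host.endswith("." + d) for d in TRUSTED_DOMAINS)
    if not trusted:
        reasons.append("host '%s' does not end in .ebay.ca or .ebay.com" % host)
    return (trusted and not reasons), reasons

# The addresses listed in this section.
PAGE_EXAMPLES = [
    "http://signin.ebay.ca@10.19.32.4/",
    "http://signin-ebay.ca/",
    "http://signin.ebay.com@10.19.32.4/",
    "http://signin-ebay.com/",
    "https://signin.ebay.ca/",
    "https://signin.ebay.com/",
]

if __name__ == "__main__":
    for address in PAGE_EXAMPLES:
        ok, why = check_ebay_url(address)
        print("REAL" if ok else "FAKE", address, "; ".join(why))
```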

What to Do About a Phishing Attempt

The good news about phishing attempts is that you are in control.

You can protect your personal financial information by ignoring the spoof email altogether. You should never provide contact, sign-in or other sensitive personal information in an email.

Protecting Your Accounts

The protection practices outlined below can be applied not only to eBay, but to your bank account, your ISP account and virtually any other online account you hold.

Note: Vigilance is the best line of defense. Periodically check your account and change your password. Visit eBay's Security Centre for more information about passwords.

Scan for Viruses

Frequently scan your computer for viruses and make sure your virus software, operating system, and browser patches are up to date.

Visit eBay's Security Centre to learn more about viruses and virus protection.

Available to eBay consumers at no additional cost, Microsoft Security Essentials is the industry certified, anti-malware solution that helps address the ongoing security needs of genuine Windows PCs -- helping protect them from viruses, spyware and other malicious threats.

Be Smart About Passwords

To prevent someone from accessing multiple accounts, use a different password for each account. Also, a good password will include a combination of letters and numbers, which makes it more difficult for people to guess the password.

Visit eBay's Security Centre to learn more about password security.

Important: If you think your account security may have been breached, change your account password immediately. Learn how to change your password.

Vigilance Is the Best Line of Defense

You should periodically check your accounts to see if there is any suspicious activity.

If you think you entered your personal financial information into a spoof site, contact your bank and credit card company immediately.

Reporting Account Theft and Phishing Attempts

If you feel your account has been compromised, please report it here:

http://pages.ebay.ca/help/account/securing-account.html

If you've received a phishing email, forward it to spoof@ebay.ca and then delete it.

Conclusion

It's now up to you to watch for and report phishing attempts.

By reporting phishing attempts and spoof Web sites to eBay, you help us protect the rest of the community by warning members and working with the ISPs to get the sites disabled.
