Just like the post I made about Bank Phishing, today I received an email supposedly from eBay requesting to change my registration information. Well, of course, if you read my post from the other day, you already know that I am very aware of spoofed emails that are phishing for personal login information.
Guess what? This is a spoofed email that appears to be from eBay but in reality it is not. I confirmed with eBay that this is in fact a spoofed email and they are working to disable the site that it is currently installed on.
The link in this email looks real: “http://signin.ebay.com/eBayISAPI.dll?SignIn&ssPageName=h:h:sin:US”. However, when you click it, you are directed through a series of servers that appear to be hacked and finally end up on a page that looks like an eBay login screen. That page captures your login and password, then hands you off to the real eBay login screen, which states that your information is incorrect. If you entered the correct info, your account has been compromised because someone now has your login info, and you should change your password as soon as possible.
eBay will never ask for your personal information in an email or include a link that takes you directly to a page where you are asked to sign in.
From eBay’s website:
How do I know that an email is really from eBay?
If you receive an email that appears to be from eBay that requests sensitive personal information, be cautious. The email may be a “spoof” or “phishing” email. The people who send these fake emails hope that unsuspecting recipients will reply or click on a link contained in the email and then provide sensitive personal information including passwords, social security numbers or credit card numbers.
Legitimate eBay emails
eBay will never ask you to provide account numbers, passwords or other sensitive information through email. If eBay does request information from you, a copy of that email will be in the My Messages box in My eBay. If you have any doubt that an email really is from eBay, open a new browser window, type www.ebay.com, and sign in. Any email that looks as if it is from eBay, mentions a problem with your account or requests personal information, and is not in My Messages in My eBay, is a spoof (fake) email.
Spoof emails often include the use of the eBay logo and an eBay address in the “From” line (for example, “From: email@example.com”). The email may mimic common eBay emails, such as notifications of problems with your account, “Ask seller a question” emails or offers to become an eBay PowerSeller.
Spoof emails typically have the following characteristics.
- Requests sensitive information. (Example: Please update your credit card number.)
- Starts with a generic greeting. (Example: Dear eBay member)
- Has an urgent tone for quick action. (Example: “Ignoring this message will result in a suspension of your account within 24 hours”.)
- Contains links to Web pages that resemble the eBay sign-in page. (Example spoof Web link: http://signin-ebay.com/)
When you receive a suspicious email
- Do not click on any link in the email. The purpose of spoof email is to lead you to a Web site and attempt to collect personal information and commit identity theft or other crimes.
- Report the email by forwarding it to firstname.lastname@example.org. eBay will review the email and let you know if it was legitimately sent by eBay.
If you do receive an email asking you to log in to eBay, your bank, or anything else where personal information is needed, it is wise not to use any links. Instead, go to the actual website directly and log in from its secure login pages.