Well, all you eBayers, here's a cautionary tale.
This morning I received an email from eBay, saying my account was going to be suspended if I didn't "update" my info. Since my primary credit card has changed since I started with eBay, it seemed a reasonable request. Soooo I clicked on the link. It asked me to log in, so I did. Then it asked me to "verify" my credit card. Screeeech! (That's me hitting the brakes.) Wasn't there some notice I got once from eBay that said they would never ask for that info?
Sure enough, when I opened a new window and logged into eBay itself, there were no messages to me asking for account info. When I looked at the original email, I discovered it wasn't addressed to just me, but to many others as well. I can't believe I almost fell for such a scam (or spoof, as eBay refers to it). Consequently, since I had logged in on the bogus site, I had to change my eBay password, or they could have bought all sorts of things as "me". Whew!
So, be warned...eBay will not ask for confidential info through email. If you receive a suspicious email supposedly from eBay, forward it to spoof@ebay.com. Or, check by opening another window and log in to eBay independently to see if there are any important messages about your account.
Now you know.
3 comments:
That is called a "phishing" attack. Someone sends an e-mail that looks like an official one, and directs you to a web site and asks you to login. "Doh!" you just gave them your login.
With GMail (http://gmail.google.com) if someone reports an e-mail message as a phishing attack, it will be flagged as such and moved to the spam folder for everyone who gets the message which is very nice.
Also, be aware, that how a URL (internet adress) appears and where it actually sends you, can be two different locations.
Lastly, the e-mail address "abuse@... usually works as well. I usually just delete spam, but I report fraud if I can determine where an e-mail originated from, and I usally can. This will not get these folks arrested like it should, but hopefully puts them out of action for a little while if thier accounts get closed.
The way you report it to the abuse email is by looking at full headers on your email and then forwarding it to that email so they know.
The way you know what the real link is that you're looking at is hover your mouse over the link and look at the bottom left of your screen. It will show you the real address you're going to.
Good job on remembering before you gave them your credit card #.
What's scary is that even giving my ebay ID and password, they would have been able to do other things on ebay with my ID - this morning I got an email from PayPal (maybe) saying I had signed up for automatic Logo in my auctions, but last time "I" signed in, my password was invalid.
I don't have any auctions! Nor did I sign up for any automatic anything. SOooo. I guess I'm going to delete that ebay user ID.
I don't need to be buying anything more anyway, right?
Post a Comment