What is a spoof e-mail (aka hoax or phishing e-mail)?
Spoof e-mails try to trick you into sharing personal information
such as passwords or social security numbers.
Spoof e-mails are e-mails sent by illegitimate third parties pretending
to be from a legitimate company such as eBay in an attempt to collect
personal information such as social security numbers and passwords for
use in fraudulent activity and identity theft. These e-mails typically
try to deceive the customer by imitating the look and feel of the real
company.
Learning how to identify spoof e-mails is very important for protecting
yourself against identity theft not just in using eBay, but in all
your online accounts and transactions.
The good news is, it's relatively easy to prevent fraud if you know
what to look for.
How to prevent being fooled by spoof e-mails
You can avoid being fooled by most spoof e-mails by being very cautious
how and where you share your personal information.
Protecting yourself against fraudulent e-mails isn't hard. In fact,
doing business online including online banking and bill pay is safer than
doing it the old fashioned way. The problem is, since online transactions are
so new, many people don’t know where the dangers lie and how to protect
themselves. By following the few simple rules below, you will be able to
prevent being tricked by spoof e-mails.
NEVER enter information into a form contained within the body of an e-mail.
NEVER click on a link inside an e-mail if you think it might be a spoof
or if the link is asking you to provide personal information. If you suspect
it’s a spoof, type the link’s url/web address into a browser
manually. Links can be manipulated to look like you're going one place but
then send you to another. If you type in the web address manually, you
are sure you’re going to the right place.
NEVER provide personal information unless you are sure it’s for
a legitimate account. To ensure it’s a legitimate account:
Manually type in the company’s url (i.e. www.ebay.com).
Login to your account. eBay will never ask you to login with anything
other than your username and password.
Example
If eBay wanted you to update your information they WOULD
NOT:
eBay WOULD:
Send you an e-mail containing a form to update the info directly
in the e-mail.
Send you to a link where you fill out the information without logging
in first.
Require you to login using anything other than your username and
password.
Present you with a blank form and expect you to fill out all your
data from scratch.
Send an e-mail informing you to login to your eBay account before
updating your information.
Instruct you to type www.ebay.com in
your browser to ensure your are going to our true home page.
Instruct you to login with your username and password only.
Once logged in offer a link for you to update your information.
Show you the information we currently have on file rather than presenting
you with a blank form.
How to spot a spoof e-mail
Don't rely on the look of an e-mail to determine if it's a spoof.
Scam artists can easily copy the look and feel of legitimate companies.
Spoof e-mails can be hard to spot. Scam artists have become increasingly
sophisticated in their approach and use of technology. If you ever suspect
an e-mail might be a spoof it’s always best to play it safe and report
it to the company. However, there are a few things you can look for to determine
if an e-mail is a spoof.
Spoof e-mails commonly request you to enter information directly into
the body of an e-mail.
E-mail “From” address: DO NOT rely on the “From” address
to determine if the e-mail is legitimate. This can easily be manipulated
to appear however the scam artist wants.
Lost Information: Spoof e-mails often claim that your
information is lost or needs to be updated. If an e-mail claims this, be
suspicious. eBay has extensive backup for our customers' information
and should never lose it. Information should rarely if ever need to be updated
but if it does, eBay will always ask you to type www.eBay.com into
the browser and login with your username and password to ensure your security.
E-mail Greeting: Many spoof e-mails begin with a general
greeting such as “Dear eBay User.” eBay includes both your
first and last name in the greeting of each communication.
Links: Links can be forged. If you suspect an e-mail
is a spoof it is safest not to click on any links. Instead, you could try
manually entering the address into your browser. Even if you don’t
enter information, clicking on a link can allow the sender to detect your
e-mail address and subject you to receiving more spoof or unsolicited e-mail.
If the e-mail is informational in nature you are probably safe clicking on
e-mail links. eBay will often include links to informational portions of
our website including tutorials and promotional details.
Urgency – Spoof e-mails often allude to urgent or threatening
conditions concerning your account.
Spelling errors – spoof e-mails often misspell keywords
in order to fool spam blockers and filters.
If you have any doubt if an e-mail is authentic, please forward
it to eBay.
What to do if you suspect a spoof
By following the instructions on “How
to prevent being fooled by spoof e-mails” you should be able to
prevent being fooled altogether. You can protect yourself and others further
by immediately reporting e-mails you suspect of being a spoof.
To report a spoof e-mail:
Forward the message to customerservice@ebay.com
Don’t forward the message as an attachment or alter the subject
line. Doing so prevents us from investigating it further.
Once you have forwarded the e-mail you may delete it from your account.
Preventative Protection
While spoof e-mails present an increasing threat, there are other ways fraud
can occur. The following tips will help you protect your eBay account and
virtually any other online account you have from fraudulent activity.
Frequently scan for viruses. Grisoft provides an effective FREE virus
software. click here.
Frequently check for update patches for your operating system (i.e. windows)
and browser.
Install a firewall. ZoneAlarm provides an effective
FREE firewall program. click
here.
Frequently check your account for suspicious activity.
Frequently change your password and use a unique password for each site.
Make your password unique. A good password will include a combination
of letters and numbers making it hard to guess.
Yes,
it has become more frequent to receive these false emails telling
us that our PayPal account is in trouble or you are about to be
suspended. Will it ever email phishingend?
Any false emails should be forwarded to:
spoof@paypal.com
spoof@ebay.com
In the subject area of the email, put...Is this for real?
Below is the most recent email I received saying it was from
eBay...offering me the opportunity to become a Power Seller! Now
I know that you need to sell over $1000.00 a month for at least 2
months to become eligible...so here are a few BOGUS emails:
DO NOT CLICK ON ANY BOGUS LINKS...THEY ARE SHOWN HERE AS AN
EXAMPLE OF HOW THEY WILL TRY TO FOOL YOU INTO GIVING YOUR
USERNAME AND PASSWORD.
Example #1: NOTE THAT THESE ARE ACTUAL EXAMPLES THAT I
RECEIVED AND BY THE TIME YOU READ THIS, THE LINKS MAY HAVE BEEN
SHUT DOWN.
(when you click on the pale green link/verify you need to give
them all they need to know...your username and password. Don't
fall for it:)
eBay
SafeHarbor Department
This is a notification from eBay SafeHarbor Department. Please
read it carefully.
You have received this email because we have strong reason to
believe that your
eBay account had been recently compromised. We need you to change
your
verification answer from verification answer from your account
This way you will confirm that you are the only one using this
account.
Please Note: If your account informations are
not updated within the next 72 hours, then we will assume this
account is fraudulent and will be suspended. We apologize for
this inconvenience, but the purpose of this verification is to
ensure that your eBay account has not been fraudulently used and
to combat fraud from our community.
Thank you for your attention on this serious matter. We apologize
for any delay in resolving this situation. Warning: Falsification
of information to evade eBay Verification may result in civil
fines and criminal prosecution. eBay cooperates with law
enforcement in cases involving potential falsification of
information to evade eBay Verification.
We appreciate your support and understanding, as we work together
to keep eBay a safe place to trade.
Regards,
Morris Franklin
eBay SafeHarbor
Investigations Team
Please do not reply to this e-mail as this is only a
notification. Mail sent to this address cannot be answered.
eBay treats your personal information with the utmost care, and
our Privacy Policy is designed to protect you and your
information.
Copyright Š 2004 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their
respective owners.
eBay and the eBay logo are trademarks of eBay Inc.
eBay is located at 2145 Hamilton Avenue, San Jose, CA 95125.
PayPal is committed to maintaining a safe environment for its
community of
buyers and sellers. To protect the security of your account,
PayPal employs
some of the most advanced security systems in the world and our
anti-fraud
teams regularly screen the PayPal system for unusual activity.
Recently, our Account Review Team identified some unusual
activity in your
account. In accordance with PayPal's User Agreement and to ensure
that your
account has not been compromised, access to your account was
limited. Your
account access will remain limited until this issue has been
resolved. This
is a fraud prevention measure meant to ensure that your account
is not
compromised.
In order to secure your account and quickly restore full access,
we may
require some specific information from you for the following
reason:
We would like to ensure that your account was not accessed by an
unauthorized third party. Because protecting the security of your
account
is our primary concern, we have limited access to sensitive
PayPal account
features. We understand that this may be an inconvenience but
please
understand that this temporary limitation is for your protection.
Case ID Number: PP-046-631-789
We encourage you to log in and restore full access as soon as
possible.
Should access to your account remain limited for an extended
period of
time, it may result in further limitations on the use of your
account or
may result in eventual account closure.
Thank you for your prompt attention to this matter. Please
understand that
this is a security measure meant to help protect you and your
account. We
apologize for any inconvenience.
(when you click on the above link, you are asked to sign in with
your username and PayPal password!
Say "Good Bye" to your money!!!)
*************************************************************************************************************
Example #3:
Secure Your PayPal Account!
Dear PayPal ® Customer,
ZeLk23g0r11hNhw-z3Pb8bvWpyI6 -ZoBJzA
We need to inform you that during our security reform we are
asking every user to become ID Verified, this security measure
will protect our customers from account thefts and any other
fraudulent activities. To secure your PayPal account please visit
the link below:
When you go here you need to give them your username and
password...kiss your money
good bye.
Example # 4:
Dear PayPal ® valued member,
Failure to update your records will result in account
termination. Please update your records in maximum 72 hours. Once
you have updated them, your PayPal session will not be
interrupted and will continue as normal. Failure to update them
will result in cancellation of service, Terms of Service (TOS)
violations or future billing problems. Please follow the link
below and update your account information:
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
FOR INTERNATIONAL PAYMENTS ONLY:
Commissions and Fees incurred by sender: $0.00
Rate of exchange: If and when the Receipt chooses to withdraw
these funds from the PayPal System, and if the withdrawal
involves a currency conversion, the Recipient will convert the
funds at the aplicable currency exchange rate at the time of the
withdrawal, and the Recipient may incur a transaction fee.
RIGHT TO REFUND
You, the customer, are entitled to a refund of the money to be
transmitted as a result of this agreement if PayPal does not
forward the money received from you in 10 days of the date of its
receipt, or does not give instructions commiting an equivalent
amount of money to the person designated by you within 10 days of
the date of the receipt of the funds from you unless otherwise
instructed by you.
If you want a refund, you must mail or deliver your written
request to PayPal at P.O. Box 45950, Omaha, NE 68145-0950. If you
do not receive your refund, you may be entitled to your money
back plus penalty of up to $1.000,00 USD and attorney's fee
pursuant to Section 1810.5 of the California Financial Code.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
Please do not reply to this email. This mailbox is not monitored
and you will not receive a response. For assistance,
log in to your PayPal account and choose
the Help link located in the top right corner of any PayPal page.
To receive email notifications in plain text instead of HTML,
update your preferences
here.
eBay Safeharbor Department Notice Fraud Alert ID : 00626654
Dear eBay member, You have received this email because you or
someone else had used your identity to make false purchases on
eBay. For security reasons, we are required to open an
investigation on this matter. We treat online fraud seriously and
all cases which cannot be resolved between eBay and the other
involved party are forwarded for further investigations
to the proper authorities. To speed up this process, you are
required to verify your personal information against
the eBay account registration data we have on file by following
the link below. https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&co_partnerId=2&pUserId=
Please save this fraud alert id for your reference. When
submitting sensitive information via the website, your
information is protected both online and off-line. When our
registration/order form asks users to enter sensitive information
(such as credit
card number and/or social security number), that information is
encrypted and is protected with the best
encryption software in the industry - SSL. Please Note - If your
account informations are not updated within the next 72 hours, we
will assume this account is fraudulent and it will be suspended.
We apologize for this inconvenience, but the purpose of this
verification is to ensure that your eBay account has not been
fraudulently used and to combat fraud. We apreciate your support
and understanding, as we work together to keep eBay a safe place
to trade. Thank you for your patience in this matter. Regards,
Safeharbor Department (Trust and Safety Department) eBay Inc.
Please do not reply to this e-mail as this is only a notification
mail sent to this address and can not be replied to. Copyright
2005 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their
respective owners.
eBay and the eBay logo are trademarks of eBay Inc. which is
located on Hamilton Avenue, San Jose, CA 95125
