How do I know if an eBay message is phishing?
I buy and sell on eBay quite a bit, so it's really a pain to worry about possible phishing attempts from delinquents trying to get me to reveal my eBay account and password. How do I easily ascertain if a specific message is from eBay or a phisher?
This is a perennial problem, and one that I still think the email tool vendors haven't really stepped up and tried to solve yet. And I'm sure that hundreds of people every day are tricked by these phishing messages - email that appears to be from a known organization but actually leads to a fake site that is intended to just harvest login data - and get into trouble without ever realizing what happened.
Here's a fake eBay email message that I just got this afternoon:
It certainly looks legitimate enough, and if you click on some of the links in the "small print" at the bottom of the message, they will sure enough take you to the eBay site. Even if you crack the message open and view the source, the images are coming from eBay servers, and the sender address is email@example.com, which seems legitimate enough, doesn't it?
Heck, the first line says "eBay sent this message!" and follows with "Your registered name is included to show this message originated from eBay. Learn more"!
The first obvious problem with this message, though, is that I've never submitted a bid on the specific item being referenced, the "TOSHIBA RD-XS54 DVD Recorder w 250 gig hard drive", so rather than think "oh, I better answer!" I know to toss this message out.
The more critical way to see that it's phishing is to put your cursor over the "respond now" button and look on the edge of your email window. Good email programs will actually indicate on the window frame what address they'd take you to if you click on the link. I use Microsoft Entourage and here's what it shows on the edge:
Clearly eBay isn't going to be sending me to a server called oneota.net so that's a flashing red klaxon that this message is completely bogus.
But let's say that I didn't realize that, or my email program didn't show me the URL of a clickable link, and I clicked on the link.
First off, I might then suddenly get to a site that tries to install spyware or other bad things on my computer, but hopefully my Web browser or other antivirus / antispyware application would prevent that from happening. More likely, I'd end up looking at a page that looks completely identical to a legit eBay login page:
Looks quite legitimate, doesn't it? But again, there's a problem. If I go to the real eBay site, it remembers my login account name and this is blank. I might miss that, though, so here's a trick to avoiding any phishing scam, however sophisticated it may be:
Test the login page with a fake account and password pair.
Here I'll invent an account and password that I'd never use (my temptation is to use obscenities so that the phisher will have a bit of feedback on his attempt to defraud me, but that's another story!).
This phishing attempt is quite sophisticated, though, because I try the bogus account / password pair and it actually logs the information and hands it off to eBay itself. All of a sudden, I'm getting an error message that:
Your sign in information is not valid. Please try again.
but this time the URL in my browser's address bar shows me that I'm actually at https://signin.ebay.com/ rather than the oneota.net address.
Now I can safely log in if I think that the query in the message is legitimate, since I'm now legitimately on eBay (be careful with this sort of thing too, because I could register a domain like "signin-ebay.com" and a quick glance might well suggest it's legit).
But really, the best advice I can give you is to be skeptical and a bit less lazy. Every time you get email from a service, be it eBay, PayPal, your local bank, the Social Security Administration or what have you, don't click on its "login" button, but just type in the URL of the site in your browser and log in from there instead.
I really wish this wasn't an issue, and I hate the waves of phishing email I get because they, of course, clutter up my mailbox and make it easier to accidentally delete a legitimate query or request for updating my data. But precious few organizations now send email asking for you to log in with clickable links at this point, and that's a good clue regarding how you can avoid problems.
Good luck. If you do think you've been "phished", log in to the site and change your account password ASAP!