Dave Taylor answers free tech support questions about a wide variety of business and technical topics, including blogging, iphone help, ipod help, AdSense, MySpace, Sony PSP help, Mp3 players, Windows XP, Windows Vista, Linux, SEO, Mac OS X, Facebook, Twitter and LinkedIn.

eBay a Reported Web Forgery! What the heck?

I got an email from eBay saying that there was a dispute over non-payment of an auction I'd won and I know I paid it, so it's very weird. When I clicked on the "dispute" link, though, instead of going to eBay, I got a big screen saying "Reported Web Forgery!" So has someone hacked eBay, or what??


Dave's Answer:

You have almost fallen victim to a common hacking attempt to steal your eBay credentials and shut you out of your own account on the popular auction site.

The email you received is fake and did not come from eBay.

How do I know that for sure? Because I'm 99% sure that what you received was what we call a "phishing" attack, a message that requests you log in to a specific site to "clear up a misunderstanding" or "correct an error" or, in this case, "dispute a complaint".

Luckily I have one of these same sort of messages in my mailbox too, and it looks like this:

ebay phishing email

Now put your cursor over the "Review payment details" link and -- if you have a good email program -- the URL that you'd visit will pop up:

ebay phishing email url


As you can see, it's not an "https://www.ebay.com/..." address by any means, because it's some bad guy who has a site that's pretending to be eBay so it can sucker you out of your login info. A quick "whois" query and it turns out to be an IP addressed assigned to HINET Network Center in Taipei, Taiwan, of all places.

If you were to click on this link, which you did, then you're in luck because Firefox also knows it's a phishing site and protects you:

reported web forgery firefox

In fact, click on "Why was this site blocked?" and you'll learn that

"Firefox 3 or later contains built-in Phishing and Malware Protection to help keep you safe online. These features will warn you when a page you visit has been reported as a Web Forgery of a legitimate site (sometimes called “phishing” pages) or as an Attack Site designed to harm your computer (otherwise known as malware)."

In general, if you get any email from a site saying you need to resolve something, log in to that site directly by typing its URL into your Web browser then go to the account information area to see if the message appears there too. If it's there, the email is legit. If it's not, you just smartly side-stepped a phishing attempt, good job!



Help others find this article at Del.icio.us, Digg, Netscape, Reddit, and Stumble Upon    

Subscribe!

Never miss another useful Q&A article again! Subscribe to AskDaveTaylor with Google Reader.

Comments

hey Dave -- I get those from hackers regarding both e-bay and paypal. My immediate response is to forward it immediately to spoof@ebay.com or spoof@paypal.com . Only once did I get a note from paypal telling me it was the real deal LOL.... but that is ok - anything they send me in e-mail is posted on their sites so I prefer to find out through the sites themselves. Guess its still best to be safe and not sorry -- nor hacked.

Good luck to all,

Lu

Posted by: Lu McInturff at October 13, 2008 10:34 AM

I can't believe people are still falling for this trick.

Posted by: PaulM at October 13, 2008 3:27 PM

Hey Dave,
What about when I search for my site on google and I get this message? My site is legit, and many users will steer away from it now.... Do you know what could be causing it?

Posted by: michelle at November 14, 2008 2:36 PM


I have a lot to say, but ...
Starbucks coffee cup I have a lot to say, and questions of my own for that matter, but most of all I'd like to say thank you for all your efforts on this Web site by buying you a chai!

I do have a comment, now that you mention it!









Remember personal info?


Please note that I will never send you any unsolicited commercial email. Ever.

While I'm at it, please note that by submitting a question or comment you're agreeing to my terms of service, which are: you relinquish any subsequent rights of ownership to your material by submitting it on this site.









Uniblue: Free Virus Scan

Search
Find just the answers you seek from among our 1700+ free tech support articles by using our Lijit search engine.


Member of the B5Media Network

Help!





Subscribe to
Ask Dave Taylor!

Add to Google Reader
Add to My Yahoo!
Subscribe in NewsGator Online

RDF   XML

Free Updates!
Sign up and get free weekly updates and special offers on books, seminars, workshops and more.


Recent Entries
Join the List!
Join my author info mailing list, where you'll learn about my upcoming books, speaking gigs, and more!


Book Links
© 2002 - 2008 by Dave Taylor. All Rights Reserved.

Note: This web site is for the purpose of disseminating information for educational purposes, free of charge, for the benefit of all visitors. We take great care to provide quality information. However, we do not guarantee, and accept no legal liability whatsoever arising from or connected to, the accuracy, reliability, currency or completeness of any material contained on this web site or on any linked site.

[whiteboard marker tray]