Ask Dave Taylor
  • Facebook
  • Instagram
  • Linkedin
  • Pinterest
  • Twitter
  • YouTube
  • Home
  • YouTube Videos
  • Top Categories
  • Subscribe via Email
  • Ask A Question
  • Meet Dave
  • Home
  • Amazon, eBay, and Online Shopping Help,
  • How do I know if an eBay message is phishing?

How do I know if an eBay message is phishing?

January 26, 2006 / Dave Taylor / Amazon, eBay, and Online Shopping Help,, Spam, Scams & Security / 7 Comments

I buy and sell on eBay quite a bit, so it’s really a pain to worry about possible phishing attempts from delinquents trying to get me to reveal my eBay account and password. How do I easily ascertain if a specific message is from eBay or a phisher?

This is a perennial problem, and one that I still think the email tool vendors haven’t really stepped up and really tried to solve yet. And I’m sure that hundreds of people every day are tricked by these phishing messages – email that appears to be from a known organization but actually leads to a fake site that is intended to just harvest login data – and get into trouble without ever realizing what happened.
Here’s a fake eBay email message that I just got this afternoon:

eBay phishing message

It certainly looks legitimate enough, and if you click on some of the links in the “small print” at the bottom of the message, they will sure enough take you to the eBay site. Even if you crack the message open and view the source, the images are coming from eBay servers, and the sender address is member@ebay.com, which seems legitimate enough, doesn’t it?
Heck, the first line says “eBay sent this message!” and follows with “Your registered name is included to show this message originated from eBay. Learn more”!
The first obvious problem with this message, though, is that I’ve never submitted a bid on the specific item being referenced, the “TOSHIBA RD-XS54 DVD Recorder w 250 gig hard drive”, so rather than think “oh, I better answer!” I know to toss this message out.
The more critical way to see that it’s phishing is to put your cursor over the “respond now” button and look on the edge of your email window. Good email programs will actually indicate on the window frame what address they’d take you to if you click on the link. I use Microsoft Entourage and here’s what it shows on the edge:
eBay phishing message: URL

Clearly eBay isn’t going to be sending me to a server called oneota.net so that’s a flashing red klaxon that this message is completely bogus.
But let’s say that I didn’t realize that, or my email program didn’t show me the URL of a clickable link, and I clicked on the link.
First off, I might then suddenly get to a site that tries to install spyware or other bad things on my computer, but hopefully my Web browser or other antivirus / antispyware application would prevent that from happening. More likely, I’d end up looking at a page that looks completely identical to a legit eBay login page:
eBay phishing fake login page

Looks quite legitimate, doesn’t it? But again, there’s a problem. If I go to the real eBay site, it remembers my login account name and this is blank. I might miss that, though, so here’s a trick to avoiding any phishing scam, however sophisticated it may be:
Test the login page with a fake account and password pair.
Here I’ll invent an account and password that I’d never use (my temptation is to use obscenities so that the phisher will have a bit of feedback on his attempt to defraud me, but that’s another story!).
This phishing attempt is quite sophisticated, though, because I try the bogus account / password pair and it actually logs the information and hands it off to eBay itself. All of a sudden, I’m getting an error message that:
    Your sign in information is not valid. Please try again.
but this time the URL in my browser’s address bar shows me that I’m actually at https://signin.ebay.com/ rather than the oneota.net address.
Now I can safely log in if I think that the phishing query is legitimate, since I’m now legitimately on eBay (be careful with this sort of thing too, because I could register a domain like “signin-ebay.com” and a quick glance might well suggest it’s legit).
But really, the best advice I can give you is to be skeptical and a bit less lazy. Every time you get email from a service, be it eBay, Paypal, your local bank, the Social Security Administration or whathaveyou, don’t click on its “login” button, but just type in the URL of the site in your browser and log in from there instead.
I really wish this wasn’t an issue, and I hate the waves of phishing email I get because they, of course, clutter up my mailbox and make it easier that I might accidentally delete a legitimate query or request for updating my data. But precious few organizations now send email asking for you to log in with clickable links at this point, and that’s a good clue regarding how you can avoid problems.
Good luck. If you do think you’ve been “phished”, log in to the site and change your account password ASAP!

Let’s Stay In Touch!

Never miss a single article, review or tutorial here on AskDaveTaylor, sign up for my fun weekly newsletter!
Name: 
Your email address:*
Please enter all required fields
Correct invalid entries
No spam, ever. Promise. Powered by FeedBlitz
Please choose a color:
Starbucks coffee cup I do have a lot to say, and questions of my own for that matter, but first I'd like to say thank you, Dave, for all your helpful information by buying you a cup of coffee!
ebay, paypal, phishing

7 comments on “How do I know if an eBay message is phishing?”

  1. Gonçalo says:
    April 22, 2013 at 3:55 am

    enter in your ebay.com account, never in received emails

    Reply
  2. Steve says:
    August 1, 2008 at 9:07 am

    All these are totally fake ,ebay always sends a message directly to your ebay account if they want to contact you for anything.Never reply or click on any emails which are sent to your inbox.90% of them are fake i get a whole lot of emails asking me to pay for an item which i have never bought.
    Also when you look at those ebay ids which they use to send it from , those id’s have been hacked .
    So stay away from replying to any emails other than what comes directly in your My Ebay page.

    Reply
  3. Manfred Zysk says:
    March 23, 2007 at 10:33 am

    I received a second e-mail for an unpaid item, which was never ordered, and it reads:
    “eBay Unpaid Item Reminder for Item #190010839322”
    I did not open this fake e-mail. Can you report this to any authorities and eBay?
    Manfred Zysk
    manfred5@canby.com

    Reply
  4. Jan says:
    March 28, 2006 at 9:35 am

    You can also immediately forward a suspicious email to spoof@ebay.com. They usually get back to you within 24 hours to confirm whether it’s legit. I get so many, that I know what to look for – which is everything already said above. But I send it to ebay anyway and then delete it. Maybe if they get overloaded they’ll put more effort into this continual problem.

    Reply
  5. Captain Infinity says:
    February 1, 2006 at 5:33 am

    You mention:
    >Heck, the first line says “eBay sent this message!” and follows with “Your registered
    >name is included to show this message originated from eBay.
    But notice…your registered name is *not* shown. The Phisher doesn’t know it, unless you make it public in your eBay offerings or My eBay page…which, of course, you shouldn’t do.
    All email from eBay will include your registered name. Any you receive without your registered name should be plonked as soon as you receive it.
    **
    Captain Infinity

    Reply
  6. Marshall Kirkpatrick says:
    January 27, 2006 at 2:00 am

    Not to be a goog-a-phile, but with my Gmail account I can get 100 emails a day in my inbox and MAYBE 3 spam emails a WEEK. A good spam filter should make a huge difference in problems like this.

    Reply
  7. eBay Player says:
    January 26, 2006 at 10:25 pm

    You can also download and install the free eBay toolbar, which informs you if you’re on a spoofed eBay or PayPal site, as well as other goodies such as alerts when you’ve been outbid, when you’ve won an auction, etc.
    You can download it free at http://pages.ebay.com/ebay_toolbar/index.html.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Search

Recent Posts

  • How to Scan QR Codes on Saved Photos (iPhone & Android)?
  • What Can I Tweak on my PC to Make it Left Handed Friendly?
  • How Do I “Unshare” a Shared iCal Calendar on my Mac?
  • Best Way to Change Movie Poster Art on Plex Media Player?
  • Can I Read an EPUB “Ebook” On An Amazon Kindle?

On Our YouTube Channel

MIFO S IP67 Sport ANC Earbuds -- REVIEW

ECOLOR Dreamcolor TV LED Backlight - DEMO & REVIEW

Categories

  • AdSense, AdWords, and PPC Help (106)
  • Amazon, eBay, and Online Shopping Help, (161)
  • Android Help (193)
  • Apple iPad Help (144)
  • Apple Watch Help (51)
  • Articles, Tutorials, and Reviews (344)
  • Business Advice (198)
  • Chrome OS Help (20)
  • Computer & Internet Basics (755)
  • d) None of the Above (164)
  • Facebook Help (381)
  • Google, Chrome & Gmail Help (174)
  • HTML & Web Page Design (244)
  • Instagram Help (47)
  • iPhone & iOS Help (601)
  • iPod & MP3 Player Help (173)
  • Kindle & Nook Help (90)
  • LinkedIn Help (85)
  • Linux Help (162)
  • Linux Shell Script Programming (86)
  • Mac & MacOS Help (886)
  • Most Popular (16)
  • Outlook & Office 365 Help (24)
  • PayPal Help (69)
  • Pinterest Help (53)
  • Reddit Help (16)
  • SEO & Marketing (81)
  • Spam, Scams & Security (92)
  • Trade Show News & Updates (23)
  • Twitter Help (217)
  • Video Game Tips (66)
  • Web Site Traffic Tips (62)
  • Windows PC Help (907)
  • Wordpress Help (204)
  • Writing and Publishing (72)
  • YouTube Help (45)
  • YouTube Video Reviews (159)
  • Zoom, Skype & Video Chat Help (56)

Archives

Social Connections:

Ask Dave Taylor


Follow Me on Pinterest
Follow me on Twitter
Follow me on LinkedIn
Follow me on Instagram


AskDaveTaylor on Facebook



microsoft insider mvp


This web site is for the purpose of disseminating information for educational purposes, free of charge, for the benefit of all visitors. We take great care to provide quality information. However, we do not guarantee, and accept no legal liability whatsoever arising from or connected to, the accuracy, reliability, currency or completeness of any material contained on this site or on any linked site. Further, please note that by submitting a question or comment you're agreeing to our terms of service, which are: you relinquish any subsequent rights of ownership to your material by submitting it on this site. Our lawyer says "Thanks for your cooperation."
© 2022 by Dave Taylor. "Ask Dave Taylor®" is a registered trademark of Intuitive Systems, LLC.
Privacy Policy - Terms and Conditions - Accessibility Policy