You have almost fallen victim to a common hacking attempt to steal your eBay credentials and shut you out of your own account on the popular auction site.
The email you received is fake and did not come from eBay.
How do I know that for sure? Because I’m 99% sure that what you received was what we call a “phishing” attack, a message that requests you log in to a specific site to “clear up a misunderstanding” or “correct an error” or, in this case, “dispute a complaint”.
Luckily I have one of these same sort of messages in my mailbox too, and it looks like this:
Now put your cursor over the “Review payment details” link and — if you have a good email program — the URL that you’d visit will pop up:
As you can see, it’s not an “https://www.ebay.com/…” address by any means, because it’s some bad guy who has a site that’s pretending to be eBay so it can sucker you out of your login info. A quick “whois” query and it turns out to be an IP addressed assigned to HINET Network Center in Taipei, Taiwan, of all places.
If you were to click on this link, which you did, then you’re in luck because Firefox also knows it’s a phishing site and protects you:
In fact, click on “Why was this site blocked?” and you’ll learn that
“Firefox 3 or later contains built-in Phishing and Malware Protection to help keep you safe online. These features will warn you when a page you visit has been reported as a Web Forgery of a legitimate site (sometimes called “phishing” pages) or as an Attack Site designed to harm your computer (otherwise known as malware).”
In general, if you get any email from a site saying you need to resolve something, log in to that site directly by typing its URL into your Web browser then go to the account information area to see if the message appears there too. If it’s there, the email is legit. If it’s not, you just smartly side-stepped a phishing attempt, good job!
4 thoughts on “eBay a Reported Web Forgery! What the heck?”
The other side of the coin…
I have been victimized by the Anti-Phishing Working Group, Google and Tucows.
I had an online educational magazine for those in the screenprinting industry, which was located at http://universaldomainexchange.com/xsjmonline/. It has been around since 1983 and has subscribers from around the world. It is highly respected as it contains no advertising what so ever – only relevant educational content.
Recently, while moving the site to another server, I had to rebuild my databases, as the magazine is ran on a Joomla database. While the magazine was down and completely out of service, a block was placed on the site. This should have been impossible, since there is nothing on the site that could possibly be considered malware, phishing or anything else. There was nothing there as the database ceased working when we switched servers.
There is a serious flaw in allowing anyone, including discontent competitors, to report a site as a phishing site and cause an interruption of a perfectly legal business entity. I contacted my web hosting company, IX Web Hosting, which explained that they could do nothing as they are a reseller through Tucows. I contacted Tucows and they stated that it was Google who does the actual blocking. I tried contacting Google and in fact filled out the online form to have the block removed, but nothing has happened.
I have been in touch with the Computer Crime & Intellectual Property Section, Criminal Division U.S. Department of Justice who stated that they are taking a very serious look at this as they have had a great number of complaints by other legally operated sites that have suffered from the blocks. I have also contacted the Federal Trade Commission who is taking an interest, also from a large number of complaints. Additionally, I have contacted the Internet Crime Center of the Federal Bureau of Investigation concerning this matter.
This is a form of business interruption, which is illegal in the United States. There are case laws that address the situation and I suppose it will take a block on a site owned by Dell, IBM, or other large companies with the money and the lawyers to bring the case to court. I would imagine that who ever is behind the blocking will no doubt be slapped with some pretty hefty fines from the government and will likely be sued in a civil court for considerable sums of money for shutting down just one business of the likes of Dell for even one day.
Hey Dave,
What about when I search for my site on google and I get this message? My site is legit, and many users will steer away from it now…. Do you know what could be causing it?
I can’t believe people are still falling for this trick.
hey Dave — I get those from hackers regarding both e-bay and paypal. My immediate response is to forward it immediately to spoof@ebay.com or spoof@paypal.com . Only once did I get a note from paypal telling me it was the real deal LOL…. but that is ok – anything they send me in e-mail is posted on their sites so I prefer to find out through the sites themselves. Guess its still best to be safe and not sorry — nor hacked.
Good luck to all,
Lu