I got an email from an eBay buyer saying that he had a question for me about an auction, but it’s not an auction I’m running. Will I get into trouble with eBay if I don’t answer the question? I mean, I don’t really understand what’s going on?
What you’re seeing is actually something called a “phishing” attempt. It’s like a virus that’s based on social engineering, and the goal of the person who sent this to you (who isn’t the person listed in the eBay query; that person is fictitious) is to get your account and password information, then log in to your eBay account and hijack it.
Do they sound like nice people? No. They’re not.
I get these sorts of phishing attempts all the time, and while some are extraordinarily well done, most break at one point or another in the process because they’re not thinking things through (luckily).
You can see here that this really looks like a legitimate email from eBay regarding an auction you’re running. Except that I’m not actually selling anything right now on eBay.
Nonetheless, if I put the cursor over the big “Respond” button, check out what happens:
As you can see, it’s a bit of a jumble because they didn’t quite write the HTML properly for this message, but notice that my email program (Microsoft Entourage) shows me the real target URL in the long, skinny yellow box, while the email HTML shows a legit-appearing “cgi.ebay.com” URL. That’s bogus.
If you were to click on the link, here’s where you go:
At this point the phishing attempt breaks down because it’s clearly a “.ru” domain and you’re seeing a 404 error page. Not good. Imagine, instead, though, if you were to see this:
Would you buy it? Would you thoughtlessly go ahead and enter your account and password information, just to be a bit surprised when it failed and asked you to log in again, even while behind the scenes they’ve recorded your account information for later mischief?
One way to check this is to always look closely at the URL shown in your browser when you’re on the page. That’ll always show you if you’re on a legit eBay page or not. For the above, for example, here’s what you’d have seen:
In general, if you get an email from eBay that you’re even remotely suspicious of, then just log in to your eBay account by typing in “www.ebay.com”, then go to “My eBay” and see if the message is there too. THAT they can’t fake out.
And, be careful out there.