What does an eBay phishing attack look like?

I got an email from an eBay buyer saying that he had a question for me about an auction, but it’s not an auction I’m running. Will I get into trouble with eBay if I don’t answer the question? I mean, I don’t really understand what’s going on?

What you’re seeing is something called a “phishing” attempt. It’s like a virus that’s based on social engineering: the goal of the person who sent this to you (who isn’t the person listed in the eBay query; that name is fictitious) is to get your account and password information, then log in to your eBay account and hijack it.
Do they sound like nice people? No. They’re not.
I get these sorts of phishing attempts all the time, and while some are extraordinarily well done, most break at one point or another in the process because the senders aren’t thinking things through (luckily).
For example…

[Image: ebay phishing 1]

You can see here that this really looks like a legitimate email from eBay regarding an auction you’re running. Except that I’m not actually selling anything right now on eBay.
Nonetheless, if I put the cursor over the big “Respond” button, check out what happens:
[Image: ebay phishing 2]

As you can see, it’s a bit of a jumble because they didn’t quite write the HTML properly for this message, but notice that my email program (Microsoft Entourage) shows me the actual target URL in the long, skinny yellow box, while the email HTML displays a legit-appearing “cgi.ebay.com” URL. The displayed one is bogus.
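The same comparison your mail program makes on hover can be automated. The following is an added example, not part of the original post: it scans an HTML message for links whose visible text names one host while the `href` points at another. The function names and the sample message (including the `login.example.ru` host) are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Link text that itself looks like a web address (a dotted hostname).
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def same_site(shown, real):
    # Deliberately strict: the real host must be the shown host or a subdomain
    # of it. A production check would compare registrable domains instead.
    return real == shown or real.endswith("." + shown)

class LinkAuditor(HTMLParser):
    """Records (shown_host, real_host) for each <a> whose text names another host."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = HOST_IN_TEXT.search("".join(self.text))
        real = (urlparse(self.href.strip()).hostname or "").lower()
        if shown and not same_site(shown.group(1).lower(), real):
            self.mismatches.append((shown.group(1).lower(), real))
        self.href = None

def audit(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.mismatches

# Constructed sample modelled on the message described above.
SAMPLE = """
<a href="http://login.example.ru/ws/signin">http://cgi.ebay.com/ws/eBayISAPI.dll</a>
<a href="https://www.ebay.com/myebay">www.ebay.com</a>
<a href="https://www.ebay.com/help">Help</a>
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Links whose text is plain wording such as “Respond” or “Help” are not flagged by this check, so the address bar check described below still applies.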
If you were to click on the link, here’s where you go:
[Image: ebay phishing 3]

At this point the phishing attempt breaks down because it’s clearly a “.ru” domain and you’re seeing a 404 error page. Not good. Imagine, instead, though, if you were to see this:
[Image: ebay phishing 4]

Would you buy it? Would you thoughtlessly go ahead and enter your account and password information, only to be a bit surprised when it failed and asked you to log in again, while behind the scenes they’ve recorded your account information for later mischief?
One way to check this is to always look closely at the URL shown in your browser when you’re on the page. That’ll always show you if you’re on a legit eBay page or not. For the above, for example, here’s what you’d have seen:
[Image: ebay url in flock]

In general, if you get an email from eBay that you’re even remotely suspicious of, then just log in to your eBay account by typing in “www.ebay.com” then go to “My eBay” and see if the message is there too. THAT they can’t fake out.
And, be careful out there.

3 thoughts on “What does an eBay phishing attack look like?”

  1. Whenever you receive an email from eBay in your email account (Yahoo, MSN, Gmail), NEVER click on any of them. If you click on them, it takes you to a website which looks just like eBay and which asks you to sign in or update your personal information. Look at the URL address: if it is a phishing email, you will see that there is some other URL address in your address bar.
    Send all these emails to spoof@ebay.com
    eBay always sends emails directly to your email account; always open emails only by logging in to eBay.com and then going to My eBay.
    eBay also sends you emails to your email account, and the same emails are reflected in your My eBay, so open them only from My eBay.
    -Steve

  2. “THAT they can’t fake out.”
    Actually, if they really really wanted your eBay account, they could create a virus to change your HOSTS file, or change the DNS servers you use, but they probably aren’t that desperate.
