Heather & Uhl Albert

eBay Spoof Got Me!

Ebayphishemail_2Eagle, ID — Being on the Internet since 1993, I thought I was savvy enough that this would never happen to me. Well, today I was suckered into an eBay spoof web site and actually tried to log in with my user name and password!

I had an auction for a item on eBay and I already had received a couple questions from eBay members about the auction. When this happens, you get a nicely formatted eBay email with a button that says, “Respond Now”. Today, I recieved a third question from an eBay member, asking if I accept PayPal. I thought this was a little odd at first, since the auction clearly states payment methods, but you never know, there are some dense people out there. I also noticed that the item number in the email body started with a “7” just like the actual item I was selling. So I clicked on the “Respond Now” button.

EbaysigninThis took me to a web page that looked exactly like the eBay login page. I was a little surprised that it asked me to login because I recently checked the box that says “Keep me signed in”. But I thought maybe I had deleted my cookies or something since then. After trying to enter my user ID and password a couple times, I realized something was wrong. I looked at the address and noticed it didn’t look quite right. I opened up another browser window and went to ebay.com. It showed that I was signed in already. I looked carefully at the address bar and noticed that the addresses were different. At that point I realized I had been duped.

ImpostersigninUpon review of the email there were a couple things that were off. One was that it came through an email account that I don’t have associated with eBay. It even had someone else’s email in the “To:” field, but I didn’t notice it. Then I looked at my previous questions about the auction and noticed the titles were more specific, not a generic “Message from an eBay Member”. The authentic questions had the full item number in the subject plus the title of the eBay listing. When I realized I had been duped, I quickly changed my eBay and PayPal passwords then started changing all my other accounts that were using the same password. Although this was tedious, changing that password was long overdue.

These phishers are getting pretty sophisticated so watch out! The best practice is to never click on a link through the email, but go to your “My Messages” page on the eBay web site. All messages you will receive from eBay through email will be duplicated in “My Messages”.