Today I checked my mostly-junk email account, which is the one I use for all eBay transactions and communications. It's been a while since I bought anything - a Nightmare Before Christmas messenger bag to help me feel better about having to carry my books all around campus. Anyway, I had a message from eBay.
The weird thing was, it was a Response to Question about Item, from a seller who requested that I "Please send me the money for this item or i will report you to eBay." I'm very positive that the payment went through for the messenger bag, and what seller in their right mind would ever ship an item without receiving payment? So I looked at the email some more, very confused. It said the message was sent while the listing was active - and I thought that meant...not ended yet - and that the person writing the message, Stanley, is a potential buyer. More confusing.
An item number was listed as a link, so I clicked it and a new window opened with the eBay login screen. And yes, I did login, but was brought to a page to "update credit card and security information." Ah...that's not so great. But I still thought maybe I'd just see about that item listing number, so I skipped the information screen completely and did an advanced search on eBay. No such item exists. (Anyone surprised?)
Going back to the email, tested another link. It pulled up the same eBay login and "update" page as before, so I hovered over a link in the email.
http://www.electricgames.be/ was the domain name, and afterwards there was something about displaying an eBay login screen. This was now very obviously a spoof email, and I forwarded it to the eBay security center. But I hope that others are just as cautious! eBay guarantees that any message they send out will also appear in your "My Messages" center on eBay, and when in doubt, open an entirely new window and go to the official eBay homepage.
A few more inconsistencies: the message said it was sent to Verified Member, and that my name was included to show the message originated from eBay. Unfortunately, they did not include my name but simply referred to me as Verified Member. All other eBay communications have my full name and eBay username.
By the way, I just went back and actually read through all of what the "update" page wanted. It's pretty incredible:
- Credit or debit card #
- Expiration date
- Card identification #
- PIN code, confirm PIN code ("Personal Identification Number (PIN) ensures that no one but you has access to your funds.")
- Mother's maiden name
- Your date of birth
- Social security number
- Email address registered with eBay
- Email address password
If you know people who are gullible enough to fall for this kind of thing, please warn them!!