The Electra Forums

Another wave of phony 'phish' emails trying to get your login.

Beware of emails that tempt you to click on an ebay item number and then request login- it's bogus. real buyer/seller emails have links that don't require login.

I know you all know, but I say again it just in case.

Thanks for the heads up on one of the many scams going on the Internet.

I have been getting tons of those phoney Ebay emails.
Out of curiosity I followed the link to a page that looked like Ebay.

I then clicked on a link on that page that took me to the same phoney.
All of the links on that page did the same. A loop.
Of course it tries to fool you into logging in with your user name and password.

There are also phoney PayPal, Bank of America, Wells Fargo, etc. emails.
They figure you have one of those accounts and will foolishly take the bait
and give up your private info.

I never log into anything from a link in an email.
Type the url into the address field in your web browser manually.
Always check the address field to make sure the page is coming from a legit source.

Don't forget to tell your family who may not be as computer savvy as you are about these scams.

I totally agree with you guys. I've been able to shake off the eBay phish email scams, kind of like junk mail. Don't click on any links in the email, or any possible attachments, etc. But a couple of weeks ago I got hit with my first PayPal phish email scam, and it seemed so real that it scared me. In a new window I logged into my PayPal account and saw that there was no activity like they reported in the bogus email. The bogus email wanted me to click on their link to check the transaction, at which point I'm guessing that they would have tried to get me to enter my username and password. I sent that bogus email message to the PayPal fraud folks, hoping it might help them catch these thieves. But still, the feeling of how real that bogus email seemed to me lingers, like a small wound that takes a long time to heal. Funny thing is they had the email message protected somehow so that I couldn't save it, or copy the contents. I had to manually enter a lot of the files info into my email to the actual PayPal fraud team (and then paranoid me wonders, was that really the PayPal fraud team that got back to me...LOL).

If in doubt check the headers for the message. You can be pretty sure its not a message from eBay or Paypal when the sender is in Israel, Japan, etc. or sending from a Hotmail account.

but don't rely on headers, they can be faked.

And that was the thing about this PayPay phish email that I got, they had all the headers and URL's faked in a way that made them look totally authentic. But in actuality, it was totally faked.

Exactly.

And this gets to be a pain, too, because legit companies don't realize... well... like I just got a notice by email from my insurance company to renew online. Great, exactly what I want to do. But not by clicking an URL in an email that leads to a page that asks for my credit card number. I sat there, because I -knew- these guys were just being boneheads,a nd that it was legit.

But I couldn't do it. I opened a new browser window, typed in their homepage URL, and spent ten minutes naivgating through their bad interface to figure out how to get back to that same screen where I could type in my credit card number. Turns out it was legit... but you know i couldn't take the chance.

And therein lies the danger. I fell for a phish recently, realized it minutes later and changed my password. But it was exactly because I had this same response- "oh, they're just being boneheads again". Danger, danger, Will Robinson!

Exactly. These phish crooks are counting on us to be totally acclimated to clicking on links in the email we receive. I just did the bonehead thing myself, with some trepidation, and felt totally compromised in the process. I just won a guitar on eBay, and went to my email for the eBay notice. And there it was, with the "pay now" button, and I thought, but how do I know it's authentic, but clicked it anyway, and it took me to my paypal login, where I logged in with some fear, then looked at my history, which told me I really was in my paypal account, and I completed the transaction. And you're right, I knew that if anything looked phishy to me, I better get out and get to my real paypal acct. and change the password. But it all went OK (I think!).

Anyhow, the advice to always open up a fresh browser window (not opened from the one you're currently in) is the best approach, and then log into where you have to go, rather than taking any shortcut links that come to you in an email.