its not a chance to win a new car, its a notification of 'system maintenance'
or 'account verification'. The problem is, that none of them are likely
to have actually come from eBay or Paypal. They are simply 'spoof emails'
which are aimed at convincing us to give up our login and/or credit
card information. The really worrying part of the whole thing
is that they look so convincing, and some people are falling
email (and the spoof web page that they sometimes refer you to) are
nothing new; its the content that changes frequently and convinces
many to part with their critical information. There are two kinds of
victim, those who have had their identity stolen in this way, and those
who have lost out to a stolen identity.
is a Spoof Email and Spoof Web Page?
simply, a spoof email is one which has been doctored to look as though
it has come from a particular sender (such as eBay or Paypal), when
in reality it has come from someone completely different. A spoof web
page is one which includes text and graphics stolen from the genuine
web site (such as eBay or Paypal). Since the spoof email refers you
to the spoof web page, we'll look at those emails first...
you look at the email in your inbox, or when you open it; it will show
the sender as a legitimate email address (such as firstname.lastname@example.org), but on further investigation it proves to be a complete
do I recognise a Spoof Email or Phishing Scam?
is made difficult by three distinct factors.....
the ease with which almost anyone can compile an email and almost all
its header information due to a security loophole in the design of
SMPT mail servers. The sender (as shown) in your mail program's inbox
is absolutely no guarantee of its real origin,
by the way in which URLs (links) can be written in order to convince
you that you are clicking on a genuine site link,
the ease with which genuine graphics can be stolen from genuine site
pages and/or shown in an email just by including the relevant html
hear plenty around the internet about email headers and see examples
of spoofed email headers,
but it isn't a definitive way of identifying a spoof email. The spoof
report departments of genuine sites (eBay, Paypal, etc.) place a lot
of emphasis on their need for the full email with header in a report
of a spoof, but this will not necessarily tell them its real origin.
They will most likely have to communicate with the ISP(s) and servers
that handled the email as it traveled around the internet, and who
can trace its origin by viewing their detailed server logs. This is
not to say for certain that the scammers would have been clever enough
to spoof the whole email header, sometimes there are clear indications
that the email has not come from where it should have.
a moment to look at the whole URL (web address) that the link points
you to, when you position your cursor over the email, the full URL
should be shown in the bottom edge of the mail program window. If you
cannot see it, right click the link, copy and then paste into Notepad
(or other text only editor), where you'll be able to view it without
inadvertently clicking on it and arriving somewhere that you'd do not
want to be.
and their URLs can be written in many ways to disguise the actual address
you'll arrive at if you click on it. For instance.....
preceding the link to the spoof web page with the first part of
the genuine site's URL (such as 'https://www.paypal.com' or 'http:www.ebay.co.uk')
almost any string of characters of almost any length
the '@' character
the URL of the spoof web page
will instruct your browser to divert you to the spoof page and will
NOT send you to or through the genuine site. You'll notice other examples
of this kind of forwarding when clicking on a link in a search result
example of this kind of disguising of a link is.....
would actually take you to our home page! You'll see in this example,
that the actual URL that you'll arrive at is written after the '@'
character. And scammers usually try to disguise their part of the URL
further by mixing capitals with lower case and using random letters,
numbers and characters in the spoof page name. A copy of a recent spoof
email forwarded to me included the following link (which sent you straight
to a spoof web page where account information was requested).....
URL was too long to fit on one line here, but doesn't it look real?
Can you see the first '@' character, this is where the real URL begins,
and where you are actually sent. The spoof web page was removed shortly
after the spoof email was sent to Paypal, so it will take you nowhere
is really best that we NEVER click on a link contained in an email
just to be sure, unfortunately eBay and Paypal put a lot of links into
many of their emails and this is gives rise to the potential to fall
victim. If there really is any genuine request from eBay to communicate
information with them, you should log in (by entering the relevant
eBay URL directly into your browser address bar) and interact with
the site when you arrive there, and by those means alone. That really
is the safest way of doing it.
is a fact that with the right expertise or knowledge, a scammer can
spoof the entire header and links with a few rare exceptions. It is
important that we look directly into the email body itself.....
look for spelling and grammatical errors (many spoofs are written
by non-english speaking persons, errors are common).
if the email has a form to complete for any information (including
your user name and password, bank details, credit card details, etc,
etc.) then it is NOT from the genuine site. None of the genuine sites
would do this.
if we find that it requests us to confirm any login information (such
as user name, password and any financial information like credit card
details), it is most likely not a genuine email. If any site needs
you to confirm details, simply type the known URL for that site into
your browser, login and interact in that way alone, if there is any
genuine need to verify any information, you will be asked to do so
by some message when you are logged in.
if the email advertises a competition, or tells you that you've been
selected for some prize or accolade, don't believe it, and do NOT interact
with anything within the email. You can confirm any of that by going
to their genuine web site and logging in as described above.
you are uncertain, contact the support department of the appropriate
site (in the case of eBay and Paypal, you will have to log in and do
this through a page on their sites). You should copy and paste the
full email with header into your query as well.
better - change any notification preferences in your account to not
receive any optional notifications at all, that way you'll know what
sort of emails to expect.
do spoof emails work to commit fraud?
the email does not present you with a form to enter sensitive data,
will direct you to a Spoof web site (which will look just like the
genuine article by using the graphics from the genuine site). Either way, you
will be asked to enter your login info and/or credit or debit card
number(s); once this is done, the sensitive information will be relayed
to the fraudster(s) by the clever use of some code in the email or
eBay spoofs, the sender will want to acquire your login password so
that they can take over your account, and use it to offer items for
sale (usually high value) to other users, who will pay and never receive
Paypal, they'll want your login details so that they can take control
of your account; they may utilise any monies in the account for their
own use and gain access to use of your credit and debit cards through
that Paypal account.
are very serious acts of fraud, and there have been many examples of
successful Account Hijackings.
that we've identified the email as a spoof, what should we do?
of all do NOT proceed with any request that
it makes, do NOT enter any information and
do NOT click on any link in the spoof email.
most people would probably just delete it, but it is important to remember
that the only way to bring an end to spoof email is to report it to
those who can do something about it. The email should be reported to
the organisation that it pretends to be from (in this case eBay).
have their own department which deals with Spoof emails, and which
takes great steps to make sure that any web site that the email may
point you to is removed/closed down as soon as is possible. They will
also report such emails with the sender's ISP(s) in an attempt to trace
and prosecute anyone involved in the spoof email scam. They will also
have the user of the ISP connection that sent the spoof disconnected
and their account will most likely be terminated (no ISP would allow
the continued supply of service to any of their users involved in this
kind of scam).
or Paypal will require you to send the header and email text ('forward'
the email, or use copy and paste from the message
source, so that they get the header and email body) to email@example.com or Paypal (Paypal
use a web form to report, as opposed to an email for eBay), and they
will respond with a confirmation as to whether it is a spoof or not
and what they are doing to counteract it.
if I've identified the Spoof too late?
you've fallen the victim of a spoof email and/or web site, then you
need to act very quickly.
Complete the following in the order shown...
your Credit Card company and
tell them that your account may be compromised (do everything that
they tell you to do). If you had more than one card registered
with the sites involved, you will have to call each and every one
your bank tell them that
your account details may have been compromised and how this occurred
(do everything that they ask you to).
passwords on the relevant
sites. If you cannot log into your accounts then the fraudsters
may have already changed the passwords, go to the next step...
the web sites involved for
eBay - firstname.lastname@example.org; and
for Paypal, click
here for the relevant page. Not only should you tell them
that your account may have been compromised, but you should also
include the header and email which led to the problem. Important: the
spoof email should be 'forwarded' to email@example.com and not 'sent',
that way they will get the full header and email, and you can
still include a message.
a report to the Police (yes,
even though it is a long winded and frustratingly time consuming
prepared! Prevention is better than a cure
these rules to prevent disaster from striking...
NOT use your User Name(s) or email address(es) in any
forums or discussion groups, use a completely different ID instead
and use a 'disposable' web based email address (such as Hotmail
or Yahoo). Many user names/email addresses are picked up from
these groups by fraudsters (especially the Usenet groups which
are almost completely unmoderated and full of personal abuse
and spamming) and subsequently receive a plethora of spoof and
NOT use the same password for more than one site. This
is very dangerous, if for example, you had used the same password
for eBay and Paypal, then it would take the fraudster
a few more seconds to completely wrap up your auctions and accounts.
Many people have used the same password over and over again when
they really should not.
and I do mean never, click on any link,
or complete any form in any email whatsoever!
That applies whether it is genuine or not, and this is because
any link can be disguised with a little knowledge of HTML code
look like it will take you to eBay UK, but if you click on that
link now, you'll arrive somewhere completely different). Its best
to open your internet browser and manually type in the address
of the web page you want to go to.
your user ID and password in response to any email whatsoever.
eBay and Paypal will never ask you to do this, so DON'T DO IT!!
up with any online payment scheme (such as Paypal) using a private
email address which no one knows about. That way, while a fraudster
may gain your password, they will not be able to match it with
your user email (to log into Paypal - you need to input the email
address you used to sign up and your password). You can add other
email addresses to accept and send payments with once you've signed
up and set one of those as your default email address, that way
your log in email address will remain undisclosed.
a secure sign in, reputable and responsible sites offer this, if
they don't - DO NOT USE THEM! eBay has a very poor policy on this;
you will always be offered a standard sign in on their log in screen,
with the secure sign in as an option. Amazon and Paypal, however,
only have a secure sign in, and once signed in, you are contained
within a secure connection.
down your password(s) OR share them with anyone (hell hath no fury
like a friend/partner scorned)!
your physical privacy when entering your User ID and password -
make sure that no one can see what you are typing.
AWARE of the address of the web site that you are visiting
and be satisfied that you are at the correct site before interacting
with it in any way. For instance, if you were at the sign in
page of eBay.com (US site), the address will be http://signin.ebay.com/aw-cgi/eBayISAPI.dll?SignIn.
Get familiar with those site address prefixes and if you need
to be sure that you are at the right site in the first place,
simply enter the address of the site's homepage in the address
bar of your browser (e.g. www.ebay.com).
avoid becoming the victim of an already hijacked ID on eBay...
that the seller is genuine
a registered user with eBay, you've found something that you want to
bid on, but how can you be sure of how genuine the seller is? You don't
want to be conned out of your money now do you?
long have they been dealing on eBay?
has to start somewhere on eBay, and while we should not shun 'newbies'
extra caution should be exercised.
feedback page of every user will have an ID History link which
takes us to a page detailing when the user joined eBay and details
of any ID name changes.
they are new then consider contacting them by using the ask the
seller a question link on the item page and ask them for a contact
telephone number to discuss the item further (any user who will not
give you a telephone contact number should be avoided).
there has been a change in the user name, then use the ask a seller
a question facility and ask them for a contact telephone number
to discuss the item further (again, avoid anyone who will not give
you a telephone contact).
you bid and win the item, only pay by using a credit card or Paypal (Paypal
offers a secure method of making credit and debit card payments online,
join up by clicking here).
By using either of those payment methods; if you do not get the goods
or there is a problem with the goods, you can raise a query and get
your money back. If the new user demands payment any other way - such
as cash - understand that you may have no way of recouping your payment.
take a look at their feedback...
system is there to let us know how other users have rated their
dealings with this user in terms of Product, Delivery, Communication
and Description. There are three forms of feedback, Positive, Negative
to look for:
ratio of positive to negative feedback is an issue as is the frequence
of any negative or feedback. Generally speaking a minimum of 97%
positive feedback of their feedback total is acceptable and may not
lead us to look further. However, this is not the case when a quantity
of negative and/or neutral feedback has been left against more recent
transactions. If for instance the user had a feedback rating of 100,
but there were 5 negatives left in the last month, we should investigate
further, it may well be that their ID has been taken over by a fraudster.
there is a quantity of negative/neutral feedback that gives you concern,
then take a look at the relevant entries on their feedback page.
Consider the reasons given by other users. Also, take a look at the
feedback rating of the users that have left negative/neutral feedback,
there are those who use the feedback system inappropriately, such
as those who leave retaliatory feedback (this is a frequent problem)
and those who have a terrible feedback record and feel that they
have nothing to lose. You should take all things into consideration,
and if you have any concerns, contact the seller using the ask
seller a question link on the item page and request further
contact information (in eBay unfortunately, you can only request
a user's full contact information after winning their auction, but
it does not prevent you from asking before bidding).
check for a period of inactivity (many account hijacking
cases occur on accounts that have been inactive for a month or more),
again make further enquiries until you are happy that the seller
a software tool...
software tool, such as Hammertap's
Bay Check Pro, is an inexpensive and essential utility to aid you
in reviewing a user's feedback. It enables you to easily view all feedback,
and also to filter out and view negative and neutral feedback alone,
which is something that is not available on eBay itself. Hammertap also
produce deep analysis software for a deeper view of a user's history.
do they normally sell?
talked about how fraudsters can take over someone's eBay account to
sell items, accept payments, but not send the goods. The goods involved
in this are usually high value items, and if they are not what the
seller usually sells, you have good reason to be concerned.
can view previous items sold by that user by using the advanced search
facility in eBay, or by using the previously mentioned Hammertap
Bay Check Pro.
the item properly described?
are the most important part of any item for sale on eBay and should
indicate a full description of the item and its uses as well as its
condition and its history or details of previous ownership and use
(unless it is brand new and factory sealed). If there is anything lacking
in the description, use the ask the seller a question link
on the item page and ask for further detailed information and/or a
contact telephone number. Any user who will not give you a telephone
contact number should be avoided.
of online auction fraud are prolific around the internet, if you want
to avoid becoming another statistic, you need to take care with the
emails that you receive AND with whom and how you deal on the internet.
AntiPhishing Working Group
Nigerian Email Scams
12 Scams Most Likely to Arrive Via Bulk Email
About.com's guide to email scams
419 Advance Fee Scams
How not to get hooked by a phishing scam
Microsoft's Guide to Phishing Scams
Scambuster's guide to protecting yourself against phishing scams
Russian Company Information
© Copyright 2003 - 2011 Mat Bright. All rights reserved.