You know how every site tells you that no matter what, they'll never ask you for billing or personal information via email?

To me, like you prolly, that was almost second nature to me. I receive tons of mail daily and a large percentage of them are fraudulent.

The other day they got me. And you shouldn't worry they'll catch you if you're paying attention. Anyway, here's the story so you're on the lookout:

I get an email from ebay saying that I had recently changed my shipping address (sure enough, I had) and that I had to confirm these changes (red alert). Somehow, I get distracted with the phone etc, and I continue to browse in another tab. When I return to the original tab I find myself "loging in" to ebay via the email I was sent (completely unknowingly it was through them... I had forgotten about the email completely because I wasn't paying attention)

Once you "log in" you find yourself in a site exactly the same as ebay's that day: same offers, same images same everything. And now they ask you to update your info. At first they ask you stuff just to throw you off guard (shipping address etc) and then they ask you for your credit card info and billing address.

You must be saying what an idiot I am. Looking back I thinking about the many ways you can conclude that this is a fraud: contact via email, reconfirmation of credit card, the fact that they OWN Paypal, etc etc etc... Yet it worked. I "re-confirmed" my info and went to sleep.

This morning I get a call from my bank asking me if I've been buying hardware in Israel via the Internet. They had already made over 1500 dollars in purchases which the bank will refund.

Looking back I can tell you what got me:

1) I wasn't paying attention to what I was doing.
2) the fact that they knew I had changed my shipping address.
3) how they managed to "log me into" a perfect looking ebay (encrypted and the whole thing)

Please be on the lookout for these types of thieves. No matter how careful you are, they're getting very sophisticated. This one was kinda stupid considering how they contacted me, but still....

Thanks for the warning. Tough lesson to learn... Damn, it just makes me that much more paranoid about surfing the net....

My parents got an e-mail from "eBay" like that about a year ago. They thought something wasn't right so they sent it to me. You clicked on the link inside and it looked like a legit eBay page, but if you looked at the URL it was a foreign site. Don't know what country it was from though since I can't read Chinese, Japanese, Korean or whatever Asian language it was in.

I was surprised how much of my parents info they had.

You know, its just sad. If these cyber criminals would exert as much effort into legitimate enterprise, they would be successful enough that they wouldn't have to stoop to victimizing others.

You know, its just sad. If these cyber criminals would exert as much effort into legitimate enterprise, they would be successful enough that they wouldn't have to stoop to victimizing others.
Yep ......

They do the same **** with PayPal and just about every banking chain you can think of. Just delete it whenever *they* initiate the contact.

I thought this was going to be a thread about LABF.

I thought this was about Len Pasq...whatever...

Whenever I get something like this, I close the email and manually type in the page that the request came from and login that way. If it's from Ebay, close the email, open your browser, go to ebay and login the way you would any other time. I know this doesn't help you now (and thanks for the head's up), but just a "future reference" kind of thing...

I have had over $300 stolen in my paypal like that, luckily i was on my computer and got notices of the sales, so I quickly went in and changed all of my passwords.

I have also been charged for 2 months of AOL on my credit card, and I dont even use AOL service. I have gotten all of my money back but it is just such a damn hastle.

I've heard about this scam. Thanks for the reminder. I'm looking at cars on EBAY right now. I would hate to wind up with a credit card statement of 15k for the month and hot air instead of the Mazda3s im looking for.

mazda mock??stick to your chuggaboom:P

Never log into anything via an e-mail. It's the only way to protect your personal details.

Unethical (or just dumb) programmers can put sensitive info (login info, credit card#, etc.) into cookies or URL parameters that become easy targets.

I'm a web geek and I still never use PayPal or pay any bills online. I also hate hearing when company's data gets stolen.

So, sorry to hear SirMawn. I'm actually going to send your post in an email to a bunch of people.

What was the URL of the phony site? Can you report them? Also, how do you think they knew you'd changed your shipping address?

I got that SAME eBay e-mail, and they got me too, because I sell a bunch of stuff on eBay, it looked legit, etc.. Bastard took out the 1000 bucks I had in my account, plus overdrew it for another 1000. Wells Fargo was cool about it though, gave me all my money back, said it was blatant fraud.

The only thing I've ever bought over the Internet was virus protection from a legit company. It scares me to think what could happen if I do more business over the Internet... Yikes!

mazda mock??stick to your chuggaboom:P
These little Mazdas are super-neato and drive like banshees.
http://www.mazdausa.com/MusaWeb/images/vehicles/pho_gallery_MZ3_ext3.jpg

This crap happens all the time. When it comes to emails like this, always go to the website directly. If you need to change something it will let you know there. One time I got a password change from ebay, I went into my account and someone had taken it over land listed some expensive items for sale, leaving me stuck with the opening fees. They weren't very smart though, cause I just cancelled the sales and contacted ebay, and they took care of everything. Haven't had any problems other than that, but it sure does piss a person off and make you nervous if you use the internet for a lot of stuff like I do.

It's good your bank is working with you.
Catch them fraudelent bastards!!

I too managed to fall victim to this crap.

A couple years back I go into the bank to deposit my paycheck and the teller says "sir.... you're negative seventeen hundred dollars in your account".

The withdrawls ended up coming from my paypal account, and were turned into euros. I've never really figured out how they managed to scam me, but I probably did the same thing you did and just wasn't paying enough attention to what i was doing.

fast forward two years, everything got worked out and i havent had any problems since... but knowing that at one point these people had my personal info really bugs me.

wow. three victims just on our own board. Just on this THREAD even. That's creepy.

Whenever I get something like this, I close the email and manually type in the page that the request came from and login that way. If it's from Ebay, close the email, open your browser, go to ebay and login the way you would any other time. I know this doesn't help you now (and thanks for the head's up), but just a "future reference" kind of thing...

BINGO!

Rule of thumb - never click on a link in an email. If you are worried about Ebay/Paypal/Amazon/your bank - open up a new browser, type in 'www.whatever.com' and then login. That way you have a pretty good idea of where you are sending your data.

I say being caught doing internet fraud should be punishable by castration or better its weak and lame and needs a fitting punishment. (your thoughts)?

I just got another one of those emails "from ebay" that's a scam. This one's from this site but doesn't look anything at all like ebay this time: http://www.bcstandart.ru

A couple years back I go into the bank to deposit my paycheck and the teller says "sir.... you're negative seventeen hundred dollars in your account".

Basically same thing happened to me. I went to the golf course, tried to pay with my card, and it was declined. As soon as I got home (luckily I had cash on me to pay for 18 holes so I still played) I checked my online account deal to find that I was negative 1000 bucks.

I also received, in e-mail form, a 'request' for updated information from 'e-Bay'.

Before I clicked on the link, however, I noticed that the grammer was rather poor and a couple of words were badly misspelled.

I just assumed it was a prank manifested by Zach, and wouldn't you know it...well...still scarey

You know how every site tells you that no matter what, they'll never ask you for billing or personal information via email?

To me, like you prolly, that was almost second nature to me. I receive tons of mail daily and a large percentage of them are fraudulent.

The other day they got me. And you shouldn't worry they'll catch you if you're paying attention. Anyway, here's the story so you're on the lookout:

I get an email from ebay saying that I had recently changed my shipping address (sure enough, I had) and that I had to confirm these changes (red alert). Somehow, I get distracted with the phone etc, and I continue to browse in another tab. When I return to the original tab I find myself "loging in" to ebay via the email I was sent (completely unknowingly it was through them... I had forgotten about the email completely because I wasn't paying attention)

Once you "log in" you find yourself in a site exactly the same as ebay's that day: same offers, same images same everything. And now they ask you to update your info. At first they ask you stuff just to throw you off guard (shipping address etc) and then they ask you for your credit card info and billing address.

You must be saying what an idiot I am. Looking back I thinking about the many ways you can conclude that this is a fraud: contact via email, reconfirmation of credit card, the fact that they OWN Paypal, etc etc etc... Yet it worked. I "re-confirmed" my info and went to sleep.

This morning I get a call from my bank asking me if I've been buying hardware in Israel via the Internet. They had already made over 1500 dollars in purchases which the bank will refund.

Looking back I can tell you what got me:

1) I wasn't paying attention to what I was doing.
2) the fact that they knew I had changed my shipping address.
3) how they managed to "log me into" a perfect looking ebay (encrypted and the whole thing)

Please be on the lookout for these types of thieves. No matter how careful you are, they're getting very sophisticated. This one was kinda stupid considering how they contacted me, but still....


Yikes, that's bum deal, Sir Mawn. Hope you get that all cleared up.

I've gotten quite a few of the fraudulent emails concerning ebay or PayPal. Mine have had the links like that too, except they were saying that my account was going to be suspended for some reason. Of course I panicked and emailed them right away. Thank goodness I did that.

Sorry that had to happen to you.

Protect yourself from fraudulent (spoof) emails
eBay is working hard to help keep your account safe from hacking and unauthorized intrusions. Some community members have reported receiving deceptive emails claiming to come from eBay, PayPal, or other popular Web sites. These emails are also known as "spoof" or "phishing" emails. The people who send these emails hope that unsuspecting recipients will reply or click on a link contained in the email and then provide sensitive personal information (for example, eBay passwords, social security numbers, or credit card numbers).

We strongly encourage you to be cautious when responding to any email request for sensitive personal information.

Remember, just because an email looks like it's from eBay, doesn't mean it really is. An eBay address in the "From" line of an email (for example, "From: support@ebay.com", "From: billing@ebay.com", "From: eBay Account Maintenance") does not guarantee that the email is from eBay.

You can also take a few simple steps to protect your account and prevent senders of deceptive emails from doing harm:

Be sure you are on an eBay page
Before signing in, check the Web address in your browser. If you click on a link in an email, verify that the web address in your browser is the same as the address shown in the email. The Web address of most eBay sign-in pages begins with http://signin.ebay.com/. Never type your eBay user ID and password into a Web page that doesn't have ".ebay.com" immediately before the first forward slash (/).


Always use a secure server when submitting credit card numbers
Before submitting credit card numbers over the Internet, ensure that you are using a secure server. The beginning of the web address in your browser window should be "https://" and not "http://". For secure server pages, you should also see a "lock" icon at the bottom of the browser.


Do not send sensitive personal information via email
eBay will never ask you to send your account password or other sensitive personal information such as credit card numbers in an email. Some deceptive emails will ask you to enter your password or sensitive personal information directly into a form within the email in an attempt to defraud you - don't do it.


When in doubt, use the eBay Web site
Any doubt that the email really is from eBay? Simply open a new browser window, type www.ebay.com, sign-in, and use the "site map" link to navigate the site. And make sure you sign out when you are finished, especially if you are using a public computer.


Report suspicious email
Help us keep our community safe. If you have any doubt whether an email is from eBay, forward the message to spoof@ebay.com immediately. Don't alter the subject line or forward the message as an attachment - doing so makes it more difficult for us to react quickly.


Contact your bank or credit card company
If you have already replied to a fraudulent email with sensitive personal information or entered data through a fake Web page, contact your bank and/or credit card companies immediately to prevent identity theft. eBay also recommends that you check your Account and My eBay preferences periodically to ensure that no one has tampered with your account.


Educate yourself
eBay's Help system provides detailed information about spoof emails, identity theft, and what to do if your eBay account has been compromised.


Take a tutorial on how to spot a spoof (fake) email.

Related Help topics:

Account Theft: Overview
Email and Web sites impersonating eBay
Securing your Account and reporting Account theft
Protecting your Identity

Reply to this link promptly:

Be sure to include your password for your own security.

https://pages.ebays.com/help/confidence/watermock-email.html