It’s Phishing Time
I almost got hooked the other day by a company trying to find out my personal information through a scam called phishing. Not familiar with phishing? Well, in order to understand what I am about to cover, we first have to understand what phishing means. Read here for a complete description.
Okay, once you’ve got that handled, here is an example of what I’m talking about. I was checking my e-mail when I received this message in my Inbox (I removed the hyperlinks for this example):
**PLEASE READ THIS IMPORTANT EMAIL REGARDING YOUR LISTING(S)**
We would like to let you know that we removed your listing because the intellectual property rights owner notified us, under penalty of perjury, that your listing or the item itself infringes their copyright, trademark or other rights.
We have temporarily suspended activity on your account in order to allow us to investigate this matter further. If you believe that this action may have been taken in error or if you feel that your account may have been tampered with, please contact our Live Help team so that we can provide additional information and work with you to resolve this issue.
We have credited any associated fees to your account. We have also notified the bidders that the listing(s) was removed and that they are not obligated to complete the transaction.
If you believe your listing was ended in error or have questions regarding the removal of this listing, please click here or contact the intellectual property rights owner directly at: Entertainment Software Association.
Ebay is available to answer questions, but since it is the rights owner that requested the removal of your listing(s), we encourage you to contact them first.
For more information on Ebay’s cooperation with rights owners through the VeRO Program and a list of rights owners that have created About Me pages, please visit:
Thank you for your cooperation.
Customer Support (Trust and Safety Department)
Well, to someone who doesn’t know any better, this may look like a legitimate e-mail. So, they would probably click on the links and fill out their personal information. Unfortunately, that is the wrong thing to do, because that is the whole purpose of phishing. If you do that, you’re giving the hackers exactly what they want.
Phishing typically comes in the form of e-mails targeting a recipient. There are some scams that just ask the person to update their information, but this specific one was informing me that the activity on my Ebay account was temporarily suspended and that I needed to visit the links they provided.
Well, when I clicked on the link above, this is what I got:
The picture above looks like an Ebay sign up, but take a closer look at the Web address it gave me when I clicked on it:
If you look at that link, it’s obvious it isn’t from Ebay at all. This is often called a spoof link. It cloaked the true destination of the link. So, a good way to tell if it is a legit site or not is to look where the link takes you in your browser’s address bar.
The actual Web page above would be what we would call a hoax Web page. This term simply means that the page is made up of graphics stolen from the actual Web pages and an interface made up to steal a person’s identity.
So, what happened when I clicked on one of the links? Well, it took me to the sign in page shown above, which is the hoax Web page that this particular Ebay scam uses. That page is a gateway that someone created and tailored to make it look like a legit Ebay page, just to get your personal information.
If I would have went through the entire form and actually filled everything out and sent it in, it wouldn’t have gone to Ebay. Rather, it would have went to whoever is behind this scam. As a result of me falling for this scam, someone would now have all the information they needed to commit identity theft, using my good name. A good name and a good credit history that took me a lifetime to build up, could be all destroyed in the blink of an eye and that is very scary to even think about.
So, the best thing to do to avoid falling for a scam like this one is the following:
You need to look for any kind of spelling or grammatical errors, because that is a real tip off. If they don’t know their English very well, there will, more than likely, be some errors. Also, if it asks you to fill in information regarding your bank account information or even your username and password, it’s fake, because Ebay (or any other sites, for that matter) would never ask for that kind of information.
If it asks you to verify your username or password, it is most likely not a genuine site. If it asks you to do this, just type in the URL that it’s known to be associated with and any information they want you to verify will be brought to your attention. Be sure to look at the hyperlinks for any weird characters or anomalies that you normally wouldn’t see in a Web address as well.
With this information in hand, you will be able to see through e-mails like these for what they truly are: a scam. I tend to follow a general rule of thumb if I get e-mails like this. I just log into my account from the known Web address and check my account to see if I do actually have any issues that need to be addressed.
Lastly, please keep this in mind: If Ebay needed to contact you, they would have a message appear when you log into your account informing you of anything that needs your attention. If you find one of these e-mails, please inform the legitimate company’s help line or IT department as soon as possible.
If you have any questions, contact Ebay and address it as pertaining to the phishing scam you received and/or your account.
Until next time, keep your shields up!