Fake eBay Invoices Plague Consumers
A Wombat Security Technologies survey reports that 85% of organizations, worldwide, have been targeted by phishing attacks. One among those is eBay – continually targeted by scammers. Below is an example of a new phishing email that is making the rounds to inboxes across the nation. It claims to be from eBay stating that the recipient owes hundreds of dollars for an item they did not purchase.
Don’t be lulled into a false sense of security, if you’ve not made a purchase from eBay recently. Even if your last shopping spree was months ago, you are not safe from this scam. The target of this particular phishing attack had not shopped on eBay for months.
More about the fake email….
Suspicious, the recipient of this email hovered over the Pay Now Button and the Invoice Link. This revealed that the link did not go back to an eBay page, but to this web address “alu…..com/invoive.htm” [address truncated for security]. Upon further investigation, it turned out that the web address was registered in Vienna, Austria. Here is an image of the actual email.
So how can you identify a fake email? Keep the following elements in mind whenever you receive an email – elements that should be a red flag that it may be fake or malicious.
- Is the email unsolicited?
- Note the Subject Line. Is it vague? Is the salutation generic? Legitimate companies will personalize email communications to their customers, especially if it concerns payment requests.
- Hover over the link without clicking. Does it take you to a different website than the company that the email claims to represent?
If you answered yes to any of these questions, then be wary. Be practice: Delete it immediately.
eBay also offers the following resources if a customer is concerned about a potential security issue:
- “For general issues and inquiries, please contact our Customer Support Team.
- If you’re suspicious about an email that claims to be from eBay, sign in to My eBay and click the Messages tab. If you don’t see the same message there, the email is fake. To report a fake email, forward it to firstname.lastname@example.org.
- If you suspect that someone knows your username and password, change your account information and take steps to secure your account. If you think that someone used your account without your permission, please contact us immediately .”