eBay
  1. Home
  2. Business & Finance
  3. eBay

Phishes and Spoofs (continued)
How phishes and spoofs work

By Aron Hsiao, About.com

See More About:

Phish and spoof messages look like they come from eBay, but they don't.

Though at first glance Phishes and Spoofs may seem like a silly prank, there's much more to them than that. The reason that they're made to look so genuine by spammers is precisely so that they will fool you into supplying your eBay User ID and password. When you try to log in or respond to a phish or spoof email message, your account information is sent directly to the crook who sent you the message—not to eBay.

Why do crooks want your eBay User ID and password? There are several worrisome uses for this information, once they have it:

  • To commit fraud in your name. Once a crook has your eBay User ID and password, they can log into your eBay account and use your identity to list expensive items for sale—items that they don't even have. It's pure fraud, and when they take the money and fail to deliver the goods, it's your account—and you—that get pegged for the crime. It can be a nightmare to straighten out.

  • To drain your PayPal account. Once a crook has your eBay User ID and password, they can usually log into your eBay account and find enough information to also access your PayPal account. Once they're inside your PayPal account, they can:

    • Transfer all of your PayPal balance to their account
    • Transfer funds out of your bank account to your PayPal balance, then to their account
    • Transfer funds from your credit card to your PayPal balance, then to their account
    • Launder money from many kinds of criminal activity through your accounts

  • To access your bank account directly. Many people use the same ID and password for every online site they use—eBay, shopping, banking, and email—without ever thinking twice about it. After all, it's easier to remember one ID and one password than many. But if your accounts all use the same information, a spammer that gets ahold of your eBay User ID and password will also be able to try—and in many cases succeed—to access your online banking simply by trying that ID and password at a dozen or so of the largest banks' websites.
Some phishes and spoofs even go so far as to threaten you with arrest if you don't fill out a long form that requests—among other things—your social security number, your mother's maiden name, your birthdate, your bank account number, your PIN, your address, and your telephone number. Don't be fooled. eBay will never ask for these things. If you receive an email form like this and you actually fill it out completely, you have given a crook everything he needs to steal your identity completely—to get loans and take out credit cards in your name, to be issued government identification in your name, and to generally take you for everything you're worth, all while you take the fall.

Read on to find out how to avoid being taken in by phishes and spoofs by following just one rule.

Explore eBay
About.com Special Features
Essential Steps to Starting a Small Business

Start your new business on the right foot with these helpful tips. More >

10 Things You Can Do Today to Improve Your Credit

Easy steps to take control of your credit card debt. More >

eBay
  1. Home
  2. Business & Finance
  3. eBay
  4. Dos and Don'ts
  5. Phishes and Spoofs (Page 2) - eBay - eBay Privacy and Safety

©2009 About.com, a part of The New York Times Company.

All rights reserved.