Got a very scary email from eBay today about my account being suspended. Now I was reaching for my delete key because this type of thing is normally called ‘phishing’. Tell tale signs are ‘you need to reset your account’, the immediacy of the email and the fact that you haven’t done anything that makes you think that you should have received it. This email had all of them.
I was laughing at the whole reverse psychology of warnings about spoof mail.
However there is one more thing that needs to be included in a phishing scam. They need to fool you into thinking you are going to ebay whereas you are actually going to their site. Now this is ridiculously easy look – www.ebay.co.uk/security/resetpassword.html See, easy isn’t it.
This email didn’t have a link. It told me to go to eBay’s website* and to reset my password. Well first I did what anyone sensible would be and see if they were telling the truth. To my amazement my account had been suspended. Then I did what they asked and reset the password.
(* another trick is to tell people to go to ebay’s security website at ebaysecurity.com whereas real ebay pages are always something.ebay.com)
Now ebay doesn’t worry me too much. The worst that could happen is that I have to sign back up again, what worries me is eBay’s sister site – paypal. Paypal is linked to your credit card to pay for things. Now if someone hacked into that they could pay themselves ?500 in the time it takes to write an email address. Now that is scary.
It seems that ebay suspended paypal at the same time so I reset that password so something VERY secure.
I think that’s all for this little rant. Moral of the story is that you should NEVER believe anything you receive by email (I’m more than happy to check any mail you get to see if it’s trustworthy) and this is the reason I tell people to avoid eBay, sometimes it’s not worth it.