EBay security...what you need to know

[firstgear]

got this in my EBay email account. I rad all the time about people getting scammed. Here are some guidelines that EBay sent out to people. For those that did not read it nor get it, these are all good ones to use.

Herb


Below are important safety tips that can help keep your accounts and personal information more secure and help guard against fraud, including spoof (also called phishing) emails and websites, and fake second chance offers.

• Never pay with Western Union or Money Gram. eBay strongly encourages its members to avoid using instant cash wire transfer services such as Western Union or MoneyGram. It's against eBay's Safe Payments Policy for a seller to request payment via these methods as they've proven to be unsafe when paying someone the buyer doesn't know.
• Check My Messages to verify the authenticity of eBay emails. Any email eBay sends you about your account or requesting personal information will also be in My Messages. Before responding to an eBay email asking for information about your account or requesting personal information, verify it's authentic by checking My Messages. If it's not in My Messages, it's a fake email. If you receive a suspicious email that looks like it's from eBay or PayPal, please forward it to spoof@ebay.com or spoof@paypal.com. We will respond (usually within minutes) to tell you whether or not the email is authentic.
• Always verify Second Chance Offers. Sending fake Second Chance Offers is a common trick used by fraudsters. If you receive an email with a Second Chance Offer for an item you recently bid on, please check your My Messages inbox (located in My eBay) on the eBay site to make sure the offer is authentic. If it appears in My Messages with the title "eBay Second Chance Offer for Item...," it's authentic. If the Second Chance Offer does not appear in My Messages, or appears with a different title, it is not legitimate and should be ignored. Help us fight this, by reporting these fakes to spoof@ebay.com.
• Download eBay Toolbar and PayPal SafetyBar. eBay Toolbar includes Account Guard which indicates when you are on a legitimate eBay or PayPal site, and alerts you when you are on a known fraudulent site. PayPal's SafetyBar detects fraudulent emails in your email program and puts them in the spam folder.
• Monitor your account regularly for suspicious activity. Prevent problems by staying alert and catching any suspicious activity early. We recommend that you log into your eBay and PayPal accounts frequently to ensure that all the transactions listed are legitimate.
• Be suspicious of any email that requests personal information. Be cautious of other emails that request you to click a link and submit your financial or personal information. If in doubt, call or contact the institution first to verify the authenticity of the email. Do not click on any links in this type of email if you cannot verify it is authentic. Only enter your financial information on secure Web sites. Check that a Web site is secure by looking for the closed lock symbol near the bottom of your browser window. And, of course, use a payment method such as PayPal, which lets you pay without sharing your financial information with the person receiving your money. PayPal also covers you 100% against unauthorized money sent from your account.

 

[Mr. Lucky]

This is good stuff, and thank you for posting it. However, eBay and PayPal are part of the problem. One of the reasons people get sucked in by phishing schemes is because they seem official and believable (what with official logo images used throughout the emails and bogus websites). Even if someone is astute enough to check the source code, they can be fooled, because the phishing scammers use the actual images from eBay and PayPal.

eBay/PayPal could easily prevent this, but for some reason they don't. Below is the code I have on several of my sites, which prevents unauthorized image use:

RewriteEngine on
RewriteBase /images
RewriteCond %{HTTP_REFERER} !^http://mydomain.com [NC]
RewriteRule \.(gif)$ stolen.gif [L]

Here is what the above code means, line by line:
1. Turn 'Rewrite' function on​

2. Apply Rewrite rules starting with the "/images" directory​

3. Test to see if the request is NOT coming from mydomain.com​

4. If so, substitute all images ending in .gif with "stolen.gif"​

* NC = No Case (case irrelevant)

** L = Last line (optional)​

That's all it takes...four lines of code. The substituted image can say or show anything you want (e.g., logo w/ circle/line through it, telephone number of their security dept., the word FRAUD, etc.). If phishers had to host the images on their own servers, it would be a tipoff that the email or webpage was not genuine. I have suggested this change to eBay (even offered my services to implement it...free of charge), but for some reason they choose not to. :eyerole

 

[firstgear]

I have the same problem with banks and any kind of financial institution. this problem isnt only limited to EBay, I get lots of these phishing emails, I ignore them all!!!!!......it needs to be applied to everything on the net!!!!