Sony Xperia XZ Premium review: Hands-on with the new 4K HDR phone with Motion Eye camera and Snapdr5…
I work in IT. I know about phishing.
Yet I just fell victim to it.
I never get spam emails on my email address, I've been quite lucky like that. I also just yesterday listed something on ebay.
So when I received an email from [email protected] looking everything like a genuine ebay email which had a button that said 'respond now' I clicked it and logged in.
Unfortunately, too late, I noticed that the address was a .cz address.
I promptly changed both my ebay and paypal passwords.
Not sure how this guy got my email address to co-incide with me (rarely) selling stuff on ebay but it worked.
How embarrassing. Glad I noticed something was wrong and changed all passwords - someone who didn't know about IT might've just thought there was something up with ebay's site and left it at that and their paypal account would have been depleted somewhat or they'd have dodgy tradings going on in their name.
Perhaps I need some anti-phising software and to be a bit more alert from now on :(
They didn't ask for sensitive information and it was a 'click here to respond' type link. I'll definitely be being a bit more careful in future...can't believe I fell for it. Was just the timing.. put something for sale one day and got the email the next.
All sorts of funny things happen with email references to eBay and perhaps PayPal. Always pays to be double certain before going that extra mile!.
Nothing to do with phishing as such. But last year eBay notified me of a possible suspect seller. It transpired that the seller was located in China, yet using an 'inactive' long time registered German account. The whole episode involved some very good investigative work. And to eBay's credit, they came up 100%.
"No matter how real it looks, never log in to anything from email. Type the address yourself"
I don't agree. Maybe don't log into a site you may be wary of but to never log into an email link is a tad over kill to say the least.
I'm afraid I don't fully agree with the last statement. I log into sites from emails all the time, but they are not secure sites and are usually forum replies, that is ok. However I would never log into a secure site from an email link.
Anything to do with banking or secure transactions of any sort I log into directly.
If you want to report your phish then CastleCops have a team who are working very hard to bring down the sites that are doing this. click here
I still won't. The number of sites I have log ins for are very few. Namely my bank, 3 stores that hold my CC on file, ebay&paypal and of course email... I stand by what I said, and I haven't faltered yet.
Every email from eBay (or from anyone else who uses their system) will have your full name followed by your username in brackets at the top - see screenshot click here. G
Although what you say is correct I would advise anyone trading on eBay to use their own shortcut or type the url there self as I have seen many spoof emails from eBay pay pal some very good looking and some very obviously fake so no doubt some one could hit it on the head and have one with all the info you said.
Here's a pic of the email...pretty genuine...
Also I've since realised that any 'respond now' type messages via ebay give the full details of the item.
More haste less speed in future. Whoever did this was 'lucky' (or perhaps has some more intellegent means) in that I'm not often selling on ebay and this came the day after an auction went on.
Are there any plugins for outlook that will check with databases of this kind of thing like you can for spam mails?
This thread is now locked and can not be replied to.