eBay fake emails take a hit

Modified anonymous email replies no longer require users to “use the yellow button”

When eBay rolled out My Messages, the creaters of fake eBay emails (known as "phishing" emails) had a field day.

The sender of a message through the contact member or ask seller a question features has the option to hide their email address from the recipient. This is a fairly smart option since just asking a seller a question does not enter you into a business relationship with them and you likely don’t want to get a bunch of later emails from them.

When eBay sends that email to the user, it shows up in both their My Messages box and also their in-box from their main email program. I know it is safer to sign in to eBay and check that the message really is in my messages, but honestly, how many sellers have time to do that?

The fake emails are getting better and better at fooling eBay users. The problem is when the sender blocks their email address and the responder must reply through my messages. There is a yellow button in the email which takes you directly to respond to the email in my messages. If you are not already logged in to eBay, you will be prompted to log in.

You can see where this is going I’m sure.

All a scam artist needs to do is make a fake sign in page and have the yellow button in their phishing email point to their mock up sign in page. Unsuspecting eBay users put in their log in information and Bingo, the scammer has access to their eBay account. If the eBay user uses the same email address and password for their PayPal account, the scammer now has access to their financial information.

So where am I going with this. Well, eBay has announced a new system for replies to anonymous emails. Beginning at the end of this month, they will have a temporary anonymous "reply to" email which will forward the email to the sender of the original email. All the replier needs to do is hit reply from the email. No signing in, no redirection to another page.

This is a sensible modification and I look forward to it rolling out officially.

