If you were one of the 128 million eBay users affected by the recent data breach, keep an eye on your inbox, because the phishing attempts have started.
The email below was shared with the Consumerist by an eBay user named Phil. He has a specific email address used only for his eBay and PayPal transactions, so he immediately recognized it as a phishing attempt.
“Phishing mails always start with a generic ‘Dear customer’ or ‘Dear Client,’ but this one not only addresses me by my full name,” he wrote to Consumerist. “It was also sent to an email address that I use EXCLUSIVELY for my Paypal account.”
Phil was on top of his game, but to the untrained eye, this attempt might be a little trickier to identify.
What other red flags do you see? Use this fake email from "Amazon" as your guide.
Photo courtesy of Consumerist.
Most phishing attempts are easy to spot because they are riddled with typos and definitely don't address you by your full name. This specific attempt is highly personalized and looks legitimate enough. However, here are some of the tell-tale signs:
- The from address has been redacted by the Consumerist, but I'll bet that the email didn't come from PayPal but rather a random email address, similar to firstname.lastname@example.org as seen in the fake Amazon email linked above.
- At the bottom in the "What's next?" subheading, the hours to call customer service is a little bit off. Normally, businesses use the standard "4 a.m. to 10 p.m. Pacific" - not Pacific Time. There's also a missing comma in that paragraph between Time and Monday.
- The in-body links. No company talking about a security problem would include a link in an email. Instead, it would tell you to visit the PayPal site and log in to your account. Then it would include instructions on where to go to fix the problem. That's it.
If you see an email like this pop up in your inbox, be sure to forward it along to the real people at eBay and PayPal by sending an email to email@example.com or firstname.lastname@example.org
Thanks to the eBay data breach, I think we will be seeing a lot more of phishing scams in the near future. Learn more about how phishing scams work, and why this isn't the only email you should worry about.