Email Scams


Emails are being sent out that look just like legitimate eBay, PayPal, Yahoo, bank and credit union emails, but are designed to trick people into giving their credit card information to a third party who may then steal their money. This page explains how to detect the scam emails and how to report the abuse.

Emails are being sent out that look just like eBay, PayPal, Yahoo and other official notifications, but are actually scams from third parties to get access to your credit cards. The emails ask people to verify their credit card or other account information, including account login, using a link embedded within the email. These links often go to third-party web sites that are designed by scammers to get your user IDs and passwords by scaring you into giving them your account login information. The pages are sometimes "copy/pasted" from the real website to look exactly like it.

By replying to such emails, you may be giving the scammers complete access to your money.

The scam email titles include: Paypal security measures, PayPal Account Notification for (your email address here), PayPal Account Security Measures [#05836170], Dear PayPal Customer, eBay Billing Update, Account Update, and Account verification.

The simplest way to determine if such emails are fraud is to look at the greeting line in the emails. PayPal and eBay both address their customers with their full name, and the scam emails use a generic greeting. As such, legitimate emails will begin with, for example, "Dear (your first and last name here)." The fraud emails usually begin with generic greetings such as "Dear Paypal Member," "Dear eBay Member" or even "Dear (your email address here)." It is, however, possible for the scammers to use your actual name, but usually these are just mass-mailed to the address.

Reports of such abuse, for example, should be made to, or by visiting Email headers should be included in your abuse reports but are not required. Headers are requested because they help catch the people behind the illegal scam.

When scammers get your account information, they may use it to buy items and have you pay for them, or just outright take your money. If you accidentally fall for such a scam and realize you made a mistake, you should immediately type the name of the site into your browser by hand, log into your actual account, and then change your password. All such illegal activity should also be reported to PayPal, eBay and even your local law enforcement agency. Police departments have been known to prosecute eBay scams and other online crimes, although rarely.

Understanding HTML links

HTML is the markup language that tells a browser how to render a web page. You can use HTML in email and many people do. However, doing so makes it very easy for links in email to appear to point to one site when in fact they point to another. Links in HTML are created by a special tag. There are two components to the tag: the real link (i.e. the target) and the displayed text for that link. For example, if I wanted to create a link to this page, I would add the following to the HTML code: which is displayed as, and the actual target link,, does not appear.

It is easy to exploit this by providing bogus display text: scammers display what appears to be a link to a legitimate site when all the while the link points at something different. Let's use this site's homepage as an example. If you click this link it clearly will not take you to eBay. If you clicked the link, you did not go to the displayed address, but instead got a fake virus pop-up. This link could take you to a "cloned" website which would have another link that does the same thing as a way to further gain your trust.

A good example is the "Microsoft Patch" virus that was going around. This link takes you to a rather shoddy looking fake Microsoft page I made in little over an hour. The infected one going around was much more authentic. Click this link, and click on "Microsoft Security Update for Windows XP/Vista/7":


Scary stuff, isn't it? Of course, phishing scam fake websites aren't looking to install viruses; they just want your user name, password or PIN number. These logins are harvested in folders on legitimate website servers that have had their FTP access compromised, so the activity is traced back to those servers and not to the real culprit. An easy way to spot these links is to hold your mouse over the link; the real address is displayed in the status bar at the bottom left of the window. If the two don't match, be careful.
Below are a couple of places where you can report a phishing scam email. Also, if you have the time and expertise, copy and paste the actual domain of origin into your browser and follow it to determine who the web hosting company is, then notify them via their "Report Abuse" form. They will terminate the account. If these harvesting folders are buried on legitimate servers unknown to the owners, let the owners know so they can delete the folders and try to trace where the break-in occurred. Sometimes, too, I'll forward the email to the bank or credit union whose name is being used in the scam.