Recognising Spoof (Fake) eBay Web Sites
One of the biggest threats to the security of your eBay account and your identity is fraudulent email and Web sites, called spoof email and spoof Web sites. Both are used to obtain personal and account information. To help protect its members against this threat, eBay has adopted a comprehensive strategy. These efforts include the development technology solutions such as community vigilance, and member education about spoof email and spoof Web sites. It is important to learn to recognise both.
If you receive email that includes links and requests sensitive information – be suspicious
A spoof email pretending to be from eBay typically contains a link that takes you to a fake Web site that requests that you sign in and submit personal and account information.
eBay does not require you to enter information on a page that cannot be accessed from the eBay site. When possible, you should avoid clicking links. Instead of clicking the link, you should copy the address and paste it into the address bar area of your Web browser. While eBay may send email that contains links, the links are provided for convenience only. You will not be required to submit sensitive information if a direct link is provided to an eBay page.
If eBay requests information from you, a copy of that email will be in the My Messages box in My eBay. You can submit the requested information using My eBay.
eBay does not send you email that includes attachments, or ask you for your password or other sensitive information through email. For more information, see Reporting Spoof (Fake) Email.
Beware of fake Web sites pretending to be eBay
If you clicked a link in an email, verify that the Web address in your browser is the same as the address shown in the email.
Never enter your eBay user ID and password on a page that doesn't have "ebay.com" immediately before the first forward slash (/). If the address includes additional characters prior to the forward slash such as "@," dashes, and so on, it is not an eBay page. Even if the Web address contains the word "eBay", it may not be an eBay Web site.
Examples of fake eBay domain addresses: http://email@example.com/ or http://signin-ebay.com/
Real eBay domain addresses: https://signin.ebay.com.sg/, https://signin.ebay.com.my, or https://signin.ebay.ph
Before signing in, check the Web address in your browser. To be sure that you are signing into a genuine eBay Web site, look at the address bar area of your browser. At an eBay sign-in page, the Web address (URL) that appears in the Address/Location field of your browser should begin with https://signin.ebay.com/ as shown in the following illustration.
The example above applies to the eBay.com Web site. Other international sites have slightly different sign-in Web addresses. A more complete set of Web addresses is listed below:
United States Sites
|Site ||Sign-in Web address|
International eBay Web sites will have slightly different sign-in addresses. They will include the letters that designate the site the address is associated with (for example, http://signin.ebay.fr for France, http://signin.ebay.de for Germany, and so on), followed by a forward slash (/). A complete list of sign-in pages for International eBay Web sites is given below:
|Site ||Sign-in Web address|
Ireland, Sweden, United Kingdom
Singapore, Malaysia, Philippines
If you've upgraded to a browser with the latest anti-phishing capabilities, the Web address bar may help you to identify secure Web pages. Look for a green Web address bar to confirm that you are on a secure page before entering sensitive information.
If you have already submitted information after receiving an email request and you suspect that your eBay account may have been tampered with, please refer to the following page for information on Securing Your Account and review the steps on the Protecting Your Identity page.
Learn more about how to protect your eBay account
Become part of the vigilant community by forwarding suspicious email to firstname.lastname@example.org or email@example.com. For more information, see Reporting Spoof (Fake) Email.