Boycott Watch
September 5, 2003
Consumer Alert: eBay, Paypal, Yahoo and other online email Scams
   Summary: Emails are being sent out that look just like legitimate eBay, PayPal and Yahoo emails, but are designed to trick people to giving their credit card information to a third party who may then steal your money. This report explains how to detect the scam emails and how to report the abuse.
    Emails are being sent out that look just like eBay, Paypal, Yahoo and other official notifications, but are actually scams from third parties to get access to your credit cards. The emails request people to verify their credit card or other account information, including account login, using a link embedded within the email. These links in the emails often go to third party web sites that are designed by scammers to get your user ID's and passwords by scaring you into giving them your account login information.

   By replying to such emails, you may be giving the scammers complete access to your money.

   The scam emails titles include: Paypal security measures, PayPal Account Notification for your email address here), PayPal Account Security Measures [#05836170], Dear PayPal Customer, eBay Billing Update, Account Update, and Account verification.

   The simplest way to determine if such emails are fraud is to look at the greeting line in the emails. PayPal and eBay both address their customers with their full name, and the scam emails use a generic greeting. As such, legitimate emails will begin with, for example, "Dear (your first and last name here)." The fraud emails usually begin with generic greetings such as "Dear Paypal Member," "Dear eBay Member" or even "Dear (your email address here)." It is, however, possible for the scammers to use your actual name, but we do not have any reports of that at this time.

   Reports of such abuse, for example, should be made to, or by visiting The email header should be included in your abuse reports but are not required. Headers are requested because they do help catch the people behind the illegal scam.

   Fred Taub, Executive Director of Boycott Watch advised people not to click on any link in such emails. "If you want to verify your online account information, it is safest to carefully type the site name in your browser yourself, and use the links within the web site rather than using the links provided in such emails. This will make sure your browser is not redirected to a criminal's web site that just records your account information and allows them to take your money."

   When scammers get your account information, they may use it to buy items and have you pay for it, or just outright take your money. If you accidentally fall for such scams and realize you made a mistake, you should immediately manually type in the name of the site into your browser, log into your actual account, and then change your password. All such illegal activity should also be reported to PayPal, eBay and even your local law enforcement agency. Police departments have been known to prosecute eBay scams and other online crimes.

E-Mail This Page to a Friend
Enter the recipient's e-mail address:

(Click here to return to top of page)
 ©2003 Boycott Watch