It’s from: eBay Customer Support <aw-confirm-team@ebay.com>
And a button saying ‘submit’ would be here.
I heard that you never need to verify account details with places such as ebay so is this one of those tricks to get your passwords etc? What should I do about it? I’ve received one of these emails months before and ignored it and my account is fine.
It is most definately a fake e-mail. e-bay will NEVER ask you for your personal information via e-mail.
Yep, fake, 100%. The ‘link’ will actually take you to some server in Russia or the Cayman Islands, which pretends to be eBay for long enough. And then, they’ve got your details, which they could then use to tackle your Paypal account…
Forward it to spoof@ebay.com. If it is fake, they’ll let you know.
From here
Assuming you’re using a reasonably sophisticated email program, you should be able to “hover” over the button with the mouse and see the actual Web address where you’ll be taken if you click it. With most of those “pfishing” spoofs, it’s either something completely different, an IP address (e.g. 192.1.4.61), or a subdomain made up to look like part of eBay (or whoever). For example, the pfisher may register eebay.com or ebaysecurity.com and direct you there, or they may register secureverification.com and create an ebay subdomain, so the address looks like ebay.secureverification.com. If it’s real, ebay (or whatever) will be immediately before the “.com” part of the name.
You’re assuming that everybody has fully-patched browsers (ie IE…)
Until this spoof became common, it was simple to make a url have a huge inital section, which included a lot of ".com"s, and also a lot of underscores, which are easily mistake for spaces by technophobes. So they would actually think they were clicking on a “.com” address, no matter what the actual URL involved…
Almost any online company that you have an account with will address you by your name or username. They will almost NEVER address you as “Member”, “Valued Customer”, etc. Paypal and eBay are two that never use the impersonal greeting.
I wouldn’t say this was true at all! There are much better ways of detecting a fraudulent email (as already suggested) than this. “Almost any online company…” - I thought hyperbole was preferably left outside of the GQ forum.
I have received numerous emails “pfishing” for bank account data. Since I don’t even have accounts at the target banks, I assume the pfishers sent them out to any email address they can get and work the percentages.
NEVER, EVER, respond to any of these solicitations. Contact your bank or financial institution and let them know. They probably already know of it, but contact them anyway. Most banks will have a place to report this activity on their REAL website.
Don’t use an e-mail that may be fraudulent to log into your eBay account.
Either:
(1) Use a address that you have previously saved in “Favorites” or “Bookmarks”, which you know takes you to eBay; or
(2) Type the address http://www.ebay.com/ into your browser.
I just got one of these fake e-mails from someone purporting to be PayPal a few days ago. My first sign it was fake, is that I don’t have a PayPal account. 
Anyways, I didn’t see a way to report it without logging in on an account, so I called their 402 number, and spoke to a rep. who said, it indeed was a fake, that PayPal always addresses their customers by first and last name, and to please report it to spoofe@paypal.com.
Sent it in, got a reply within the hour.
(And checking my e-mail again, shows I’ve just received another one, with a different link to click. sigh Off to e-mail PayPal again and report it.)
er, the addy to report fake PayPal links should be spoof@paypal.com not spoofe. Sorry for any confusion. =)
The eBay community help boards have a sticky that sets out the responses above. There’s normally a thread or two about the latest pfishing expedition (although not always on the top page, and the lack of forums to sort threads can make it difficult to find anything other than a sticky).
I seem to get at least two spoofs a week for eBay and one a fortnight for Paypal.
If you would bother to take a look at the eBay or Paypal sites instead of just shooting off your mouth, you would note that they specifically say exactly what I have indicated.
I’ll back up Chefguy on this. I received a PayPal spoof and reported it to PayPal. They confirmed it was a phish, and said in their reply (which addressed me by name) that they will never send me a message that starts “Dear PayPal member”.
I read all my email as plain text only, which is pretty safe regarding this kind of stuff. With HTML messages, it’s easy to make a link that says www.ebay.com, but really goes to a different place, or have a form submit button like you’ve mentioned. Disabling HTML keeps this from happening, because with plain text, you see exactly what you’re clicking.
Another side benefit is that with most spam, you never even have to look at their message - many are blank, many of a paragraph of nonsense, and quite a few say simply “get a capable HTML emailer” or something like that. That always makes me smile.
These phishing emails can be surprisingly convincing; try the following “IQ” tests to see what I mean:
http://survey.mailfrontier.com/survey/quiztest.cgi?themailfrontierphishingiqtest
http://survey.mailfrontier.com/survey/quiztest.html
Actually, Chefguy is correct. PayPal and eBay always address you by your formal name or username in emails.
FWIW I read that if you’re not sure if it’s a spoof site enter the wrong password or user name. The spoof site will take it not knowing any better.