Home ScamsPhishing Scams Fake eBay ‘Order Confirmation’ Email Designed to Steal PayPal Login Details

Fake eBay ‘Order Confirmation’ Email Designed to Steal PayPal Login Details

by Brett M. Christensen

Outline:
‘Order Confirmation’ email purporting to be from eBay claims that you have purchased an Apple iPhone for $365.



Brief Analysis:
The email is not from eBay. It is a phishing scam designed to steal your PayPal account login details. The ‘Cancel Order’ button in the email opens a fraudulent website designed to look like the PayPal home page. If you log in via this fake PayPal site, criminals can steal your login details and hijack your PayPal account.

Example:
eBay Fake Order Phishing Scam





Detailed Analysis:
According to this email, which purports to be an order notification from eBay, you have purchased an Apple iPhone 5 for $365. The email includes a table of information about the supposed purchase and notes that the order was processed by PayPal. The email also features a ‘Cancel Order’ button.

However, the email is not from eBay. It is a phishing scam. The criminals who sent the email are banking on the fact that at least a few recipients will be panicked into clicking the ‘Cancel Order’ button in the mistaken belief that their account has been compromised and used to make fraudulent transactions.

One might expect that clicking the button would take you to eBay.  But it instead takes you to a fake website that has been designed to emulate the genuine PayPal home page. Victims may think that, since the order was supposedly processed via PayPal, they will need to access their PayPal account to cancel. So, once on the fake PayPal site, they may proceed to log in with their PayPal email address and password. After logging in, the fake page will simply refresh.  But, the login credentials that you entered will be collected by scammers who can subsequently use them to hijack your PayPal account.

The ‘cancel payment’ ruse is one that scammers commonly use. Similar tactics are used to distribute malware.  Be wary of any order confirmation or receipt email that lists purchases that you know nothing about. If you receive such an email, do not click any links or open any attachments that it contains. Instead, check your account by entering the company’s address into your browser’s address bar and logging in. Or access your account via a trusted app. Any unexpected transactions or account issues should be revealed once you have logged in.




Last updated: March 15, 2016
First published: March 15, 2016
By Brett M. Christensen
About Hoax-Slayer

References
Phishing Scams – Anti-Phishing Information
Phishing Scam – eBay ‘Registration Suspension’ Email
Question About eBay Item Phishing Scam
PayPal ‘You Sent A Payment To Kogan’ Phishing Scam Email

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer