Fake eBay ‘Order Confirmation’ Email Designed to Steal PayPal Login Details

Outline:
‘Order Confirmation’ email purporting to be from eBay claims that you have purchased an Apple iPhone for $365.

Brief Analysis:
The email is not from eBay. It is a phishing scam designed to steal your PayPal account login details. The ‘Cancel Order’ button in the email opens a fraudulent website designed to look like the PayPal home page. If you log in via this fake PayPal site, criminals can steal your login details and hijack your PayPal account.

Example:

Detailed Analysis:
According to this email, which purports to be an order notification from eBay, you have purchased an Apple iPhone 5 for $365. The email includes a table of information about the supposed purchase and notes that the order was processed by PayPal. The email also features a ‘Cancel Order’ button.

However, the email is not from eBay. It is a phishing scam. The criminals who sent the email are banking on the fact that at least a few recipients will be panicked into clicking the ‘Cancel Order’ button in the mistaken belief that their account has been compromised and used to make fraudulent transactions.

One might expect that clicking the button would take you to eBay.  But it instead takes you to a fake website that has been designed to emulate the genuine PayPal home page. Victims may think that, since the order was supposedly processed via PayPal, they will need to access their PayPal account to cancel. So, once on the fake PayPal site, they may proceed to log in with their PayPal email address and password. After logging in, the fake page will simply refresh.  But, the login credentials that you entered will be collected by scammers who can subsequently use them to hijack your PayPal account.

The ‘cancel payment’ ruse is one that scammers commonly use. Similar tactics are used to distribute malware.  Be wary of any order confirmation or receipt email that lists purchases that you know nothing about. If you receive such an email, do not click any links or open any attachments that it contains. Instead, check your account by entering the company’s address into your browser’s address bar and logging in. Or access your account via a trusted app. Any unexpected transactions or account issues should be revealed once you have logged in.

Last updated: March 15, 2016
First published: March 15, 2016
By Brett M. Christensen
About Hoax-Slayer

References
Phishing Scams – Anti-Phishing Information
Phishing Scam – eBay ‘Registration Suspension’ Email
Question About eBay Item Phishing Scam
PayPal ‘You Sent A Payment To Kogan’ Phishing Scam Email