Those interested in spoof (fraudulent) email can look at this page -- lots or advice and links on the subject:
http://pages.ebay.com/securitycenter/
This is simple and well know, but important, so I'll "make assurance double sure."
To me the most important advice is this: don't guess whether an email is a spoof or not; rather, assume that all are. So never type in passwords or any other sensitive info on pages that come up from clicking links or buttons in the email! This is so important, so I'll give a simple example. You get an email. You click a link in that email. A web page pops up (call it page #1). Don't type anything sensitive on that page #1 even if it looks like a legitimate, familiar web page. Continuing, let's say you click a link on that page #1. Page #2 pops up. Don't type anything sensitive on page #2. You click a link on page #2, and page #3 pops up. Same thing -- don't type anything sensitive. Etc., etc.
What you should do in a case like the above is log into the web site involved (mentioned in the email) in the usual way -- either by your bookmark (favorite) or by typing ebay.com, paypal.com or whatever into your browser. Then you can log in and look into the matter that was raised by the email by going to your My eBay page and looking at "My Messages," the "Dispute Console," "My Account" (for your preferences, profile, saved info, etc.), the original auction page, etc.
To repeat -- I wouldn't pay anything by clicking on a button or link in an email. I'd ignore the email and its links. In my usual way I'd go to My eBay, the auction page or PayPal, and click links THERE to pay for the item.
Robert
|