Subscribers to eBay's online payment service are being targeted by a fraudulent e-mail scheme that aims to persuade them to hand over their credit card information.
Over the past week, users of eBay's online payments service have been receiving e-mails masquerading as official PayPal alerts, eBay spokesman Kevin Pursglove confirmed Friday. The messages ask recipents to submit bank and credit card details.
Tricks involving bogus e-mail posing as legitimate messages from eBay and PayPal are nothing new. However, the latest spoof e-mail--which included a PayPal logo, links to PayPal's site and official-looking fine-print--appeared particularly convincing, said Brenda Frymire, a PayPal user in San Ramon, Calif., who received the e-mail Thursday.
The e-mails tell recipients that their PayPal accounts have been randomly selected for maintenance and placed on "Limited Access" status. The message, which appears to come from email@example.com, instructs the account holder to enter credit card and bank account numbers in an online form embedded in the e-mail.
Pursglove said that the "spoof" e-mail did not come from eBay or its PayPal unit and that it is very likely a trick to rob people of private information. He said the company has received several complaints, but has yet to figure out who is behind the scheme.
"We encourage people to notify us and not to respond to these e-mails," said Pursglove, noting that eBay makes it a practice not to request users' personal information via e-mail.
According to Pursglove, it has proven difficult to catch the perpetrators of spoof e-mail fraud, which have also plagued Amazon.com and America Online, despite efforts by e-commerce companies and Internet service providers to identify and locate them. The eBay spokesman didn't know if anyone had actually been apprehended for such a scam.
But eBay has taken steps over the past year to counteract such tricks, Pursglove said. For instance, eBay has begun notifying account holders by e-mail whenever they receive a request to change an account's password or user name.
The San Jose, Calif., company is also testing a system designed to detect fraud and tampering. In addition, the company posts messages on its discussion boards about how to protect personal information.