Today I've received an email that claims to be eBay. The idea is simple - they sent a gullible american an email and tell you in some formal-ish fashion that your account needs to be updated, and even provide you with the link! Ah what nice people, eh? The catch is that is had nothing to do with eBay. I'm personally aware of at least a dozen people who actually bought into this for one reason or another - make sure you dont become a yet another victim. Here is how it works. They send you an email with a fake header pretending to be from eBay. Yes it will have an email from firstname.lastname@example.org. But that header is faked. You can use any number of fake email programs to generate those headers or you can do it manually if you telnet to smtp ( port 25 ) of any email server you are trying to reach. Particularly the way the spammers do this is simply mass email the suspected eBay customers and on average 2-3 % will actually buy into this and go to the provided link, enter their account username and password, and if the fake eBay page is really good they wont even notice how their username and password has been recorded on the fake server's logs and used to log into real eBay. Or in most cases they may even go on and tell you to enter new credit/debit card number (or bank account) so that they 'know you are verified' or something along those lines. This is the fake Email Ive received about 20 minutes ago: The link they've provided was http:// 220.127.116.11 /[and standard eBay login path]. Now this is not eBay's server IP, and eBay wont send you an email like that anyway. Upon checking on that IP (18.104.22.168) it was registered for the following place: 22.214.171.124 - 126.96.36.199 KRNIC Korea Network Information Center Host Master 11F, KTF B/D, 1321-11, Seocho2-Dong, Seocho-Gu, Seoul, Korea, 137-857 +82-2-2186-4500 +82-2-2186-4496 email@example.com Now I dont need to remind you why people in Korea are so grateful to the Americans and keep spamming them. Make sure you dont click on any email from eBay and instead simply go to www.ebay.com go to My Messages and see if eBay had something to say to you. This email has been reported to eBay. However I wont send email to firstname.lastname@example.org for two reasons: 1) I dont think it would matter and 2) he might be involved himself, and sending an email will only confirm my email address being valid in their spam lists. Dont make same mistakes.