I received an email today that purports to be a payment notification for an item I recently sold on eBay. While several aspects of this message seem to indicate it is legitimate, there are a few things here that set off alarm bells for me, not least of which is the fact there is no matching pending payment showing in my account. It is critical that I determine if this message is legitimate or not quickly as I don't want to delay shipment payment has in fact been made in good faith.
This is not the first time I have sold an item on eBay but it is the first time I received a notice like this. The message itself is plain text, The header says the message is from the buyer "via PayPal", email address "memberATpaypal.com". with a reply to address set to the buyer's email.
The message starts:
"Hello <my eBay email address>,
You've got cash!
This email confirms that you have received a payment for $57.05 USD from <buyer's name> (mailto:<buyer's email address>)"
Followed by some generic details about the purchase, then the instructions for getting my payment which are as follows:
Simply click the link below and complete PayPal's one-page registration form to claim your money:
It would appear that I am being directed to set up a new PayPal account order to receive this payment instead of it being directed to the account I have had for years. I should say the email address I have registered my PayPal account with is different from the email I currently use on eBay. That said however this is not the first time I have sold an item through eBay, and I have only every accepted PayPal as payment, but I have never received a notice like this. Further, I have made several recent purchases from eBay using PayPal, one as recently as a few days ago, and all have come out of my account normally. I can think of no reason why an eBay purchase should suddenly fail to make a connection with my long time account.
Lastly there is the nature of the link in this account itself. Part of my job involves advising consumers on email safety practices and one of the primary guidelines involves avoiding direct links provided within the body of an email like this as any legitimate company will be aware that this is a strategy employed in phishing scams, and therefore ensure the legitimacy of the message by directing you to go to their site on your own and provide you with a list of tabs or selections needed to get to the correct page. I can't fathom why PayPal, of all companies, would ignore these principles and send out an email that requires actions that email security professionals advise consumers never to do.
While I can imagine reasons that I would be receiving a notice like this, my instincts are telling me not to click the link. Can anyone confirm or deny whether this is an email that is truly notifying me of a PayPal payment?
... View more