Is eBay actually supporting phishing?

From time to time I am wondering if these guys (I am thinking at eBay, PayPal, Amazon, some banks) are actually trying to help phishers to do their “jobs”.

The email you seen in the screenshot is a 100% authentic email from eBay Germany. I am being asked, you guessed right, to “protect my eBay account”.

“Dear <user>, you have not updated your personal data since more than a year. In order to have your personal data up to date, help us to protect your eBay account better”. Sounds good, right? Please check your personal ebay information and make sure that they are up to date. Please ignore this message if you have updated your data recently.”


Same as 99.99% of the phishing emails.

I couldn’t believe my eyes either, so I checked the headers of the email:



Useless to say, this is against their own policies mentioned here in German and in English here


This is the link behind the button:

It is true that their email is:

  • addressing me personally, using my eBay account
  • is not urgent, is not threatening
  • it doesn’t have attachments, but it has pictures

but, there are some elements that make it very suspicious:

  • The link they use is not but
  • They use a redirect from http to https
  • They are asking me to visit a website to validate my information
  • They are not using my first and last name


Of course, as usual, I have forwarded the email attached to to see what they have to say about their email.


© Copyright 2016 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check for seeing the consulting services we offer.

Visit for latest security news in English
Besuchen Sie für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .
%d bloggers like this: