eBay uses a payment system called PayPal, which allows bidders to pay sellers without revealing card numbers or other financial information. eBay guidelines warn users against giving out account information to sellers without the security of PayPal. Some bidders ignore or don't read these guidelines, and fall victim to a scam in which a "seller" informs a non-winning bidder that the high bidder has fallen through. The dishonest seller tells the next highest bidder the item is theirs, but they must pay for the item outside PayPal.
"Once you circumvent PayPal, you've lost your safety net," Cordary said.
And speaking of eBay, the online auction site's name is often used in another email scam that could wind up costing you big -- financially and otherwise. The scheme is called "phishing" and it's a way for scammers to get account numbers and other personal information from the most reliable source: you.
An email communication, looking quite convincingly like it's coming from somewhere you do business -- eBay, an online store, your bank or credit card company -- arrives in your inbox with an urgent looking subject line, such as "immediate attention required" or "please contact us immediately about your account. The email will direct you to click a link to the institution's website. Sometimes you're sent to a very real looking fake site -- a hyperlink doesn't necessarily send you where it says it will -- sometimes it's the real deal. Scammers can take you with their dummy site, or with a sneaky popup, designed to harvest information, that shows up immediately when you load the real one. Phishing scams may snare your social security number, your account number, your password or the information you use when dealing with a real financial institution, such as your mother's maiden name or your birthplace. Through this scheme, they can steal your money or your identity, and wreak havoc on your financial history and personal reputation -- damage not easily undone.