eBay

classic doesn't have as many of the old features as it should.   I'd be surprised if a notifications link was ever found in classic....it's just the old presentation of transactions.

i will NEVER understand why companies rush out these new site changes.   After several weeks there are still gliches galore and the icing on the cake is the new look is terrible.....far worse than the old way.  All they did was jumble all the information around and make much of it so small it is barely readable.

Daft.

According to Paypal, this email is a phishing attempt so if you opened links and logged in, change your password ASAP

Interesting........since it directed me to log onto Paypal's site directly and used my proper full name i didn't think it would be phishing.   I never click on links in emails so if it is, i'm safe..

thanks for the heads up but Paypal has many time in the past told me that ligitimate emails they have sent out are phishing.  One department seems to have no idea what the others are doing and the spoof dept. just plays it safe and says everything is phishing.

let me correct that.....it is phishing.   It doesn't tell me to go to the Paypal site but has a link in it that i'm supposed to click on.   Didn't notice that the first time.   It does use my full name, which is unusual for a phishing email.

May want to change Ebay's as well and keep an eye on bank accounts and credit cards associated with the Paypal account!

what happens when you log into a link provided in a phishing email?  Anyone know?   I know the bad guys get your password but what do you see after log in?   Do you get a copy of  the Paypal home page?   It should take you to your account page but the crooks won't know what that looks like so what do they present for you to see?

If they have your password, they also have access to your personal info and possibly financial information (financial is usually more secure and located elsewhere, hence why you can't see the whole numbers.

They can also have access to all sellers you paid or buyers that you bought from.

It can be a very unpleasant situation.

Phishing is rampant these days, especially on Ebay and Paypal as the hackers know there are a lot of people unfamiliar with security or lack of on those sites

no, my question was more specific.   What happens the moment you log on in a phishing link?   A user would be expecting to immediately be taken to their account page.   But the phishers can't do that, so what do the phishers give the user to see?   If it doesn't look ligit, the user will immediately be suspicious.

Is it not linked to your Ebay account? Better safe than sorry as far as I am concerned

The only one that can give you very specific info would be a hacker or security specialist as there are so many variables and variations as to what hackers, do and how they do it.

The December 2nd policy change does NOT appear to be legit.

The most recently announced policy change goes into effect January 2015:

https://www.paypal.com/ca/webapps/mpp/ua/upcoming-policies-full

Question was raised: how do scammers have both email address and full name of the account holder:

There was a serious security breach at PayPal about seven to ten years ago.  Lasted a few hours only.  Whoever got into the system had access to names (first, initial and last) matching the email address. That information has been around a long time and has been misused often.

In the "good old days" we knew it was safe to open an email from PayPal when addressed to us by name.  That has not been true for seven to ten years. 

BE CAREFUL

The email IS legit, it comes from the same server as every other PayPal policy update.

The January 7th change you link to IS the update this email refers to. This particular policy change is new and has never been previously announced.

The last policy change we were notified about was the Chargeback fee matter.

In the "good old days" we knew it was safe to open an email from PayPal when addressed to us by name.  That has not been true for seven to ten years. 

They still do! ALL of them!

"What else could I do? I had no trade so I became a peddler" - Lazarus Greenberg 1915
- answering Trolls is voluntary, my policy is not to participate.

It was eight years ago:

A flaw on PayPal's website could help scammers who send out "phishing" emails by allowing them to determine a PayPal member's full name and include it in hoax emails, giving them an air of legitimacy.

AuctionBytes discovered the URL with the vulnerability on Friday evening when it was sent in by an anonymous user. Adding a PayPal member's email address to the end of that specific PayPal URL causes a box to appear with that member's full name. Entering an email address of a non-member brings up an error message. There is no need to log into PayPal to access that URL, and it isn't clear what the page is designed to accomplish.

PayPal tells its users to expect official PayPal emails to contain their names in the body of the email. Phishing emails that include a person's correct name that corresponds to their email address could fool the recipients into believing the email is actually from PayPal. Phishing emails are sent to trick people into revealing financial information and/or account passwords. AuctionBytes began reporting on hoax emails targeting PayPal in June of 2002. Since then, phishing attacks have become a serious problem for PayPal and eBay members as the emails get more sophisticated and attackers prey on unsuspecting users.

In PayPal's tips called "Protect Yourself from Fraudulent Emails" in a section titled "Please use the following tips to stay safe with PayPal," it states: "Greeting: Emails from PayPal will address you by your first and last name or the business name associated with your PayPal account. Fraudulent emails often include the salutation "Dear PayPal User" or "Dear PayPal Member".

AuctionBytes has chosen not to include the URL in this article until PayPal has fixed the vulnerability, but you can see in the accompanying graphic a screenshot of the page that comes up after entering eBay CEO Meg Whitman's email address, meg@ebay.com. A test by AuctionBytes of 30 email addresses brought back real names of over 25 PayPal users.

I would rather believe Paypal and take no chances!

Their reply to me is below

Hello ------------,
Thanks for forwarding that suspicious-looking email. You're right - it 
was a phishing attempt, and we're working on stopping the fraud. By 
reporting the problem, you've made a difference!
Identity thieves try to trick you into revealing your password or other 
personal information through phishing emails and fake websites. To learn
more about online safety, click "Security Center" on any PayPal webpage.
Every email counts. When you forward suspicious-looking emails to 
spoof@paypal.com, you help keep yourself and others safe from identity 
theft.
Your account security is very important to us, so we appreciate your 
extra effort.
Thanks,
PayPal
This email is sent to you by the contracting entity to your User 
Agreement, either PayPal Ince, PayPal Pte. Ltd or PayPal (Europe) S.à 
r.l. & Cie, S.C.A. Société en Commandite par Actions, Registered Office:
5th Floor 22-24 Boulevard Royal L-2449, Luxembourg RCS Luxembourg B 118 
349.