A new eBay password-harvesting scam has popped up in the last few days that has apparently taken in quite a few people. Users are sent an email that appears to be sent by eBay. The bogus letter instructs the user to deactivate their eBay ID if it has not been used in the past 60 days. The user is instructed to click on a URL included in the body of the email, which appears to be a legitimate eBay URL. The URL, however, resolves to another page, which also has the appearance of being an eBay Login page.

The email reads in part, "As we announced at the end of February, our User Agreement and Privacy Policy have been updated. The User Agreement, in Section 9, allows eBay to deactivate users if they are not using eBay user ID for selling or bidding for more then 60 days. These changes were made to deactivate non-working eBay members and to better serve the needs of eBay community by providing a more comprehensive trading environment."

Because of identical formatting, many people believe it to be a letter from eBay. And users who check the URL in the body of the email may not realize that, when they click on it, they are taken to a page with a DIFFERENT URL.

All email from vendors are suspect, since the beauty in the scam is that they look like they come from legitimate services. For more information, visit the Federal Trade Commission Web site at http://www.consumer.gov/idtheft.