Users are getting mixed signals when it comes to advice about hoax email fraud. On one hand, companies and experts advise users not to click on links in emails, because they may lead to fraudulent sites. On the other hand, many companies are still including links in their emails.

The hoax email is one of the most prevalent scams on the Internet. eBay and PayPal users are bombarded on an almost daily basis with emails trying to trick them into revealing information, such as passwords and credit card numbers.

The perpetrators hope recipients will click on a link embedded in the hoax email that directs them to a "spoof" site, set up to look just like the eBay or PayPal login page. The user unwittingly logs into the fake site with their user name and password and enters private information that is gathered by the scammers. An example of a hoax email is one purporting to be from Support@eBay.com beginning, "We regret to inform you that your eBay account will be suspended if you don't resolve your problems."

The problem has become so epidemic, that in an effort to educate users about hoax emails, eBay periodically posts warnings on its announcement board stating in part that, "eBay will never ask for your password or credit card in an email. Never give out personal information by clicking on a link in an email."

Kevin Tyerman recently received an email that looked like it was from eBay asking him to click on a link to update his credit card information. He assumed it was a scam and sent the offending email to spoof@ebay.com.

Much to his surprise, eBay sent him back a response telling him that the email was not a hoax, but a legitimate request from eBay to update his account information. "I was just gobsmacked that they would still be sending this type of email," said Tyerman, an experienced eBay seller who resides in Australia.

Apparently, so are other users. One eBay Powerseller said she received a similar email, asking her to update her credit card information. She promptly sent the email to eBay and phoned her PowerSeller representative, who told her the email was authentic. Several hours later, she received an email response from eBay, warning that it was fake. "Talk about the left hand not knowing what the right hand is doing," she said.

eBay spokesperson Kevin Pursglove was not aware of any such incident, and said there is no good rationale for a PowerSeller support representative to offer that kind of advice. "Spoof@ebay.com are the people with the expertise that can provide users with accurate information about an email," explained Pursglove.

Pursglove said the online auction site is in the process of moving away from including any links in user emails, including "Opt-out" links at the bottom of all emails sent by eBay, but didn't have a timetable for the transition to be completed.

Until then, Pursglove listed several interim indicators that registered eBay users can reference in any eBay email they receive. An authentic eBay email should include:

• customer account number
• customer name
• first four digits of customer's credit card number
• expiration date
• personalized greeting

But Kevin Tyerman feel that including any links in eBay emails sends the wrong message and "undermines everything that they are trying to teach their users."

Given that the perpetrators of hoax emails use confusion to their advantage, it may be best to stick to the original advice given to users: never click on a link in an email to sign in to any online service. Always go to your Web browser, type in the URL of the site and log in as you normally would. Once you are logged in, go to your account information and update it from there.

It's also important to remember that hoax emails can target users of any company, including banks, financial services, ISPs and ecommerce sites. On Wednesday, Best Buy issued a press release to alert the public that unauthorized and deceptive spam was emailed to consumers with the subject "Fraud Alert." Best Buy said it did not send the message. If customers want to check status of their online orders, they may contact Best Buy Customer Care at 1-888-BESTBUY.

For more information about fraud, hoaxes and identity theft, visit the AuctionBytes Fraud Resource Center at http://www.auctionbytes.com/cab/pages/fraud.