What’s a Look-Alike?
Certain websites, particularly eBay, have been targeted for an unusual form of identity theft, look-alike websites. This scam exploded around 2002, but the technique is still in effect today. Essentially the scam uses a website that looks very similar to a legitimate one (like eBay.com), and then asks you to ‘verify’ your personal and financial information by filling out a form on the bogus website. When you hit submit, it sends your info straight to identity thieves.

How Do You Spot One?
Identity thieves will send mass emails to people who use a particular website, like eBay. The email will use the same logo as eBay, have the same formatting as valid emails from the company, and will often seem fairly benign. Often when you are asked to ‘verify’ your information, the link you click on will actually have ‘eBay’ in the address, adding to the perceived validity. However if you look closely, you’ll notice that these addresses also have other words, like ‘www.change-ebay.com’ or ‘www.verify-ebay.com.’ These are domain names that are purchased (often with stolen credit card numbers) for the sole purpose of stealing your information. These websites often will only exist for a few days before they are found and shut down, but they stay up long enough to snare a few unwary people.

What Do Thieves Do With Your Info?
Websites like eBay are vulnerable to this type of fraud, mostly because they require almost all of their users to input personal and financial information in order to use the service, as well as repeatedly asking users to input their username and password. Often the bogus websites will simply have a login page, where you enter your username and your password, like you do every time you login to the real service. With access to your account, not only can thieves get your credit card info, but they can post fraudulent sales and collect money from other users (while never delivering any goods, of course). All of this activity, by the way, is under your name. The identity of the fraudster is almost never discovered.

How Do You Prevent It?
Pay very close attention to unsolicited emails from online services. The reason why this type of fraud works so well is because eBay and other websites will send you (valid) unsolicited emails about services or your account. Discerning the real from the fake often takes a critical eye and a cautious hand. Make sure you look at the address of any link in the email, valid eBay links always start with ‘www.ebay.com/.’ If the message is talking about a sale or a purchase you didn’t make, verify it by going to the website itself (don’t click links from the email) and contacting people through the links there. If anything looks questionable, question it! Websites like eBay have set up hotlines for emails that may be fraudulent. You can forward the message itself to their offices, and they will respond and let you know if it is valid or not.