Fake eBay Order-Confirmation and Payment Phishing
Scammers send fake eBay purchase or payment notifications to lure both buyers and sellers into handing over login credentials or banking details.
Part of: Fake Order Confirmation Phishing Scams
Last reviewed: 7 June 2026
eBay's peer-to-peer marketplace model creates a unique phishing opportunity: scammers can target both the buyer side and the seller side of a transaction. Fake 'You have a new order' emails targeting sellers, and fake 'Payment received — ship now' messages are among the most common variants.
eBay sellers in particular are targeted with a message claiming a buyer has paid and that funds will be released once a tracking number is uploaded. The email looks like a genuine eBay payment notification and may even mimic the appearance of a PayPal confirmation (eBay's former payment partner). Trusting sellers ship the item, only to discover no payment was ever made.
For buyers, the typical attack is a fake 'Your eBay order has been placed' email for an item the victim did not purchase, with a prominent cancellation link that leads to a credential-harvesting page.
How this scam works on the eBay brand
eBay sends genuine notifications from @ebay.com or @ebay.co.uk (depending on your region). They reference your eBay username, the specific item title, and the item number. Fake emails often address you as 'Dear eBay User' or 'Dear Customer' rather than your actual eBay username, and the item numbers are either missing or fabricated.
The seller-targeted 'payment notification' variant copies the eBay colour scheme but comes from domains like ebay-payments.net or paypal-ebay-confirm.com. The message instructs the seller to ship immediately because 'payment is pending release'. Clicking any link takes the seller to a fake eBay or PayPal login page.
A third variant targets eBay Message Centre conversations. Scammers send messages through eBay's internal messaging system (which appear more credible) asking the buyer or seller to complete the transaction 'outside eBay' via wire transfer or gift card, bypassing eBay's buyer-protection mechanisms.
Common red flags
- Email does not address you by your eBay username — uses 'Dear Member' or 'Dear Customer'
- Sender address contains 'ebay' but the domain is not @ebay.com or the regional eBay domain for your country
- A 'payment notification' email urges you to ship before checking your actual PayPal or eBay balance
- Any request to complete a transaction outside of eBay's platform (wire transfer, gift cards, direct bank payment)
- Links in the email lead to a domain other than ebay.com when you hover over them
- Urgent language: 'Ship within 24 hours or the transaction will be reversed'
How to protect yourself
- Always check your actual eBay account by logging in directly at ebay.com — ignore links in emails and verify any order or payment there
- For sellers: only ship after confirming payment has cleared in your verified bank account or PayPal account — never on the strength of an email alone
- Never conduct eBay transactions outside the platform; doing so voids eBay's Money Back Guarantee
- Enable two-factor authentication on your eBay account
- Use eBay's Message Centre as your primary communication channel — genuine buyers and sellers do not need to communicate by external email for transaction details
How to report it
- Forward phishing emails to [email protected] — eBay's dedicated anti-phishing address
- Report suspicious messages received via eBay's Message Centre using the 'Report' button inside the message
- Report to your national cybercrime authority: IC3.gov (US), Action Fraud (UK), or ACCC Scamwatch (Australia)
- If you shipped goods without receiving payment, open a case immediately through eBay's Resolution Centre at ebay.com/help
Frequently asked questions
A buyer said they paid via PayPal and I got a confirmation email — is it safe to ship?
No. Log in to your actual PayPal account directly at paypal.com to verify the payment has arrived in your balance. Fake payment confirmation emails are designed to look identical to real ones. Never ship based on an email alone.
How do I tell a real eBay email from a fake one?
Real eBay emails always use your registered eBay username, not 'Dear Customer'. They come from @ebay.com (or your regional eBay domain). You can also check any notifications in the My eBay Messages section when logged in.
A buyer asked me to accept payment by wire transfer. Is that OK?
No. eBay's terms require payments through eBay-approved methods. Any request to move payment off-platform, especially by wire transfer, is a strong indicator of fraud and removes your seller protections.