Real-World Education for Modern Marketers

Join Over 600,000 Marketing Professionals

Start here!
Text:  A A

Gone Phishing: Why eBay Emails Can Be Hard to Trust

by   |    |  3,526 views

I'll never forget my first purchase on eBay. In 1999, I bought a 7-wood golf club in hopes that it would improve my game. No such luck. It turns out that when you are a mediocre golfer, the club doesn't matter that much.

But anyway...

Did I mention the year was 1999? Think back a bit. Wikipedia was just getting started. Blogs were in their infancy. Email and email marketing were not nearly as ubiquitous as they are today. LinkedIn, Twitter, Facebook, Digg, MySpace, etc.—not even thought up yet.

Fast-forward 11 years to 2010: I attempt to login to my eBay account for the first time in nearly eight months and receive a message that my account has been blocked; I call the eBay support number so kindly supplied, and speak with an extremely helpful gentleman who tells me that my account was locked due to "suspicious activity"; he goes on to explain phishing scams to me.

(More on phishing: the best video definition, in under three minutes, from Common Craft.) 

Fair enough. I actually appreciated that eBay was looking out for me. eBay reset my account and sent me an email. Life was back to good again... until I actually saw the email:

What eBay Did Wrong

People tend to open an email based on the two things they can see in their inbox: the From name and the Subject line. (Note: There are also people who open every single email.)

If I receive an email from a sender I do not recognize or trust, I'm less likely to open it. If an email with a "suspicious" Subject line lands in my inbox, it's most likely to be deleted or marked as spam.

The email eBay sent me included the following:

  • From name: "moreinfo"
  • Subject line: "MC010 Account Security Notice - eBay Registration Reinstatement—djwaldow"

Yikes. I'm not sure who "moreinfo" is. And, wow, does that Subject line look spammy! Wouldn't it have been better if the From name were simply "eBay" and the Subject line something like "Your eBay Account Has Been Reactivated"?

Am I right? Are you with me? Why make me guess who the email is from? Why write a Subject line that has words like "MC010" and "Security" in it? (And does anyone know what "MC010" means)?

What eBay Did Right

If you watch the Common Craft video linked to above, you'll see that the copy of the eBay email includes many of the components that Common Craft do not look like a phishing email. However, if I never open the email—due to the spammy From name and Subject line—how would I ever know?

Let's set aside for a moment the spammy From name and Subject line. Here's what I do like about eBay's email:

Preheader: In the preheader—image and copy—eBay reassures me that the message was sent from eBay to me (see below). My full name and eBay username are both included. Even better, there's a link to learn more: Clicking on "Learn more" redirects me to a page that does an excellent job of explaining how I can tell whether an email is really from eBay. 

Personalization: Though not typically a fan of first-name salutation personalization, I think in this case it worked for me. Why? It referred to my eBay username and email address—both of which I recognize immediately.

Copy: While it is a bit text-heavy for my taste, the copy is clear and easy to understand.

Links: eBay gives me a few links for additional security-related help. Very nice.

Footer: The bottom of the email once again provides a link to "Learn more" about spoof (fake) emails. This time, however, clicking on the link takes me to a fun, cartoon-like tutorial. I'm not sure why this link is different from the one at the top, but... that's OK.

Note, however, that I would have been less likely to see all of the good, valuable information in this email because the poor From name and spammy Subject line might have kept me from opening the email.

What's Wrong (and How to Fix It)

Often, when I see emails like the one from eBay, their shortcomings are due to a disconnect between IT and Marketing.

In this case, eBay has done a nice job on its site of explaining what phishing is and how to avoid being duped. It has also trained its staff to clearly explain it on the phone. Moreover, the email has compelling, valuable copy. But, I'd bet that the IT department is the one that set up the triggered email.

Now, I'm not trying to point fingers or make judgments about IT departments—not at all. My point is that these emails, although transactional in nature, should be managed by the folks at eBay who send out the marketing emails.

If I were eBay, I'd want to ensure that I have consistent branding and messaging. I want consumers to trust eBay. I want them to read and engage with emails I send, not delete them out of fear of spam.

Lessons for Marketers

Although the example in this article is from eBay, think about your own company's email communications:

  • Who sends email to your clients/customers/prospects?
  • Do you know what those messages look like?
  • Is the branding and messaging consistent?
  • Is the From name recognizable and trustworthy?
  • Does the Subject line make someone want to open it rather than delete it or mark it as spam?

If you are the person responsible for marketing in your organization, I encourage you to take these questions back to your team. Do a little digging. Ask around. You may be surprised at what you find.

Join over 600,000 marketing professionals, and gain access to thousands of marketing resources! Don't worry ... it's FREE!


We will never sell or rent your email address to anyone. We value your privacy. (We hate spam as much as you do.) See our privacy policy.

Sign in with one of your preferred accounts below:


DJ Waldow is an email marketing consultant, writer, blogger, speaker, founder and CEO of Waldow Social, and co-author of The Rebel's Guide to Email Marketing.

Twitter: @djwaldow

LinkedIn: DJ Waldow

Rate this  

Overall rating

  • Not rated yet.

Add a Comment


  • by Julie Tue Jul 27, 2010 via web


    I had a payroll service that would send every payroll reminder email and confirmation email with the name of the service as the sender.

    However, for year-end, they sent an email from some other 'name' which I didn't recognize, with an ambiguous subject line. I receive so much email, that I never noticed it and never opened it, so I also didn't fund my payroll account for year-end processing!

    As a result, I had overdraft charges, although the year-end processing fees were covered by my bank. It doesn't stop there, however.

    I still was unaware of the fact that the charges were legitimate -- I thought my bank account security had been compromised. Why? Because when they debited my account, it was also under an indistinguishable name, and the bank couldn't tell me anything about the originator. So, I contested the debit as fraud, and only found out that it wasn't during the fraud investigation from the bank. How hard would it have been to use the same terminology for the bank debit that they used all year?

    After much headache in attempting to resolve the issue without being charged excessive fees from my payroll service, I canceled my service.

    This all could have been avoided had they used their company name as the 'from' on the email. I even gave them this feedback, but they never made any changes to their system.

    I had a bad enough experience trying to resolve the issue that I also provided feedback about their company on every single rating site I could find.

  • by DJ Waldow Thu Jul 29, 2010 via web

    Julie -

    Thanks so much for your comments. What a crazy story! Wow. I just read again for the 4th time. Wild stuff. Amazing the power of a from name and subject line in an email, huh?

    Thanks again for taking the time to share.

    DJ Waldow
    Director of Community, Blue Sky Factory

MarketingProfs uses single
sign-on with Facebook, Twitter, Google and others to make subscribing and signing in easier for you. That's it, and nothing more! Rest assured that MarketingProfs: Your data is secure with MarketingProfs SocialSafe!