If you receive an unsolicited email that appears to be from AbeBooks that requests personal information (such as your credit card, login, or password), or that asks you to verify or confirm your AbeBooks account information by clicking on a link, that email was sent by a " phisher " or "spoofer" and not by AbeBooks.

AbeBooks will never ask for this type of information in an email. Do not click on the link. Note that if you did not click on the link in the spoofed email, your account at AbeBooks is fine. (Even if you did click on the link and go to the forged Web page, but didn't enter anything, the phishers will not have your account information.)

Please report any suspicious emails that you receive to buyertech@abebooks.com

Here are some key points to look for in order to identify “phishing” emails:

1. Know what AbeBooks won't ask for

AbeBooks will never ask you for the following information in an email communication:

  • Your social security number or tax identification number
  • Your credit card number, PIN number, or credit card security code (including "updates" to any of the above)
  • Your mother's maiden name
  • Your AbeBooks password

2. Requests to verify or confirm your account information

AbeBooks will not ask you to verify or confirm your AbeBooks account information by clicking on a link from an email

3. Attachments on suspicious e-mails

AbeBooks does not send order confirmations or other unsolicited requests that require you to open attachments, nor do we permit our merchants to do so. We recommend that you do not open any e-mail attachments from suspicious or unknown sources. If you receive a suspicious email allegedly sent from AbeBooks that contains an attachment, we recommend you forward the e-mail to buyertech@abebooks.com (as an attachment if possible) without opening it. Delete the mail after you send it. If you opened an attachment in the email, we recommend running anti-virus or anti-malware software.

4. Grammatical or typographical errors

Be on the lookout for poor grammar or typographical errors. Some phishing emails are translated from other languages or are sent without being proofread, and as a result, contain bad grammar or typographical errors.

5. Check the return address

Is the email from AbeBooks? While phishers often send forged e-mail to make it look like it came from AbeBooks, you can sometimes determine whether or not it's authentic by checking the return address. If the "from" line of the e-mail looks like "abebooks-security@hotmail.com" or "abebooks-fraud@msn.com," or contains the name of another Internet service provider, you can be sure it is a fraudulent email.

6. Check the Web site address

Genuine AbeBooks web sites are always hosted on the "AbeBooks" domain--"http://www.abebooks.com/. . . " (or "https://www.abebooks.com/. . ."). Sometimes the link included in spoofed e-mails looks like a genuine AbeBooks address. You can check where it actually points to by hovering your mouse over the link--the actual Web site where it points to will be shown in the status bar at the bottom of your browser window or as a pop-up.
We never use a web address such as "http://security-abebooks.com/. . ." or an IP address (string of numbers) followed by directories such as "http://123.456.789.123/abebooks.com/. . . ."

Alternately, sometimes the spoofed email is set up such that if you click anywhere on the text you are taken to the fraudulent Web site. AbeBooks will never send an email that does this. If you accidentally click on such an email and go to a spoofed Web site, do not enter any information and just close that browser window.

7. Do not "unsubscribe"

Never follow any instructions contained in a forged e-mail that claim to provide a method for "unsubscribing." Many spammers use these "unsubscribe" processes to create a list of valid, working email addresses.

8. Protect your account information

If you did click through from a spoofed or suspicious email and you entered your AbeBooks account information you should immediately update your AbeBooks password. You can do this through Your Account by choosing the option “Update My Password” under My Personal Info.
Even if someone has been able to look at your account, they are still not able to see your full credit card information. However, orders can be sent from your account using your credit card so please contact us immediately if you notice any orders that you do not recognize.

However, if you did submit your credit card number to the site linked to from the forged email message, we advise that you take steps to protect your information. You may wish to contact your credit card company, for example, to notify them of this matter. Finally, you should delete that credit card from your AbeBooks account to prevent anyone from improperly regaining access to your account. To do so, click "Manage My Credit Cards" under My Personal Info in Your Account.

9. If in doubt, contact us

Please report any suspicious emails that you receive to buyertech@abebooks.com