e bay problems and warning
Thread Starter
Joined: Feb 2002
Posts: 747
Likes: 22
From: (LFA 7a)
e bay problems and warning
My e bay account has been hacked and a number of very expensive items with very short sale times were listed under my user name.
I have contacted e bay and "will get a reply in 24 to 48 hrs" which is way after the listings , which have bids on them already have finished.
I have 100% feedback and dont want to loose this.
I have never given my passwords to anyone or have them written down anywhere.
The goods are all for sale in the USA and not the UK
Any advice?
I have contacted e bay and "will get a reply in 24 to 48 hrs" which is way after the listings , which have bids on them already have finished.
I have 100% feedback and dont want to loose this.
I have never given my passwords to anyone or have them written down anywhere.
The goods are all for sale in the USA and not the UK
Any advice?
Administrator
Joined: Mar 2001
Aviation Qualifications: PPL
Posts: 8,121
Likes: 686
From: Twickenham, home of rugby
Jim, just a thought - you haven't responded to any of the 2phishing" emails purportedly from ebay? Some of them are damn good!
Easy enough to spot, though - just check the URL that you are "invited" to click - if it is not ebay.co.uk or ebay.com, then it's a phish.
SD
Easy enough to spot, though - just check the URL that you are "invited" to click - if it is not ebay.co.uk or ebay.com, then it's a phish.
SD
Thread Starter
Joined: Feb 2002
Posts: 747
Likes: 22
From: (LFA 7a)
Heres an update.
I reported them to e bay. I then went on the new e bay chat help and e bay actually telephoned me from Utah!! to verify they were talking to me in the UK.
It occured to me that "they" could be part of the scam, but hey...whatever. Anyway, they removed all the non jim sales and whilst we were dealing with this the sales all re appeared on e bay again.
All removed again and my e bay details have all been changed. Investigation started.
No I have never fallen for a phishing scam....
I then e mailed the git who was doing the sales, and the silly sod responded!!
I warned him to keep looking over his shoulder as I knew where he was and that I hoped he like hospital food.
Even if I am in the UK and he (or she) is in the USA!!!
I reported them to e bay. I then went on the new e bay chat help and e bay actually telephoned me from Utah!! to verify they were talking to me in the UK.
It occured to me that "they" could be part of the scam, but hey...whatever. Anyway, they removed all the non jim sales and whilst we were dealing with this the sales all re appeared on e bay again.
All removed again and my e bay details have all been changed. Investigation started.
No I have never fallen for a phishing scam....
I then e mailed the git who was doing the sales, and the silly sod responded!!
I warned him to keep looking over his shoulder as I knew where he was and that I hoped he like hospital food.
Even if I am in the UK and he (or she) is in the USA!!!
Spicy Meatball
Joined: Jan 2004
Posts: 1,115
Likes: 0
From: Liverpool UK
I hate this sort of thing and it appears to be happening far too often. For those who know a bit about eBay and phishing etc it is a bit easier - but I feel sorry for the people who may not know much about the Internet etc and can fall for these scams easy.
My girlfriend (now well educated on the subject by moi) was actually on her way to the post office ready to post a phone to Nigeria - without even knowing anything about the auction, I told her to stop and that it was a scam. Money had been promised but not actually sent. These
get away with it too easily and for that reason I think eBay is eventually gonna go down the swanny 
Hope you manage to resolve your issue - it's probably some spotty half wit sat at his computer, if so then I think you scare tactics are probably gonna work!
Maz
My girlfriend (now well educated on the subject by moi) was actually on her way to the post office ready to post a phone to Nigeria - without even knowing anything about the auction, I told her to stop and that it was a scam. Money had been promised but not actually sent. These
get away with it too easily and for that reason I think eBay is eventually gonna go down the swanny Hope you manage to resolve your issue - it's probably some spotty half wit sat at his computer, if so then I think you scare tactics are probably gonna work!
Maz
Administrator
Joined: Mar 2001
Aviation Qualifications: PPL
Posts: 8,121
Likes: 686
From: Twickenham, home of rugby
Interesting -
As far as I know, the only way to "use" your account is to either crack the password (guesswork or brute force), or else obtain the password by a keyboard logger or other spy software installed on your PC.
I would tighten up your firewall, AV and anti-spyware defences, just to be on the safe side.
How can the items be for sale in the US if your account is registered in the UK? And what benefit would it be to the "seller" if payment were sent to you?
I wonder if it is possible for ebay's systems to allow a near-simultaneous registration of accounts with the same name in different countries, which then get "merged" when their systems replicate information.
SD
As far as I know, the only way to "use" your account is to either crack the password (guesswork or brute force), or else obtain the password by a keyboard logger or other spy software installed on your PC.
I would tighten up your firewall, AV and anti-spyware defences, just to be on the safe side.
How can the items be for sale in the US if your account is registered in the UK? And what benefit would it be to the "seller" if payment were sent to you?
I wonder if it is possible for ebay's systems to allow a near-simultaneous registration of accounts with the same name in different countries, which then get "merged" when their systems replicate information.
SD
Administrator
Joined: Mar 2001
Aviation Qualifications: PPL
Posts: 8,121
Likes: 686
From: Twickenham, home of rugby
Frosty, that's not the point - the account is registered in the UK, so even if the item is listed on ebay.com, the seller is still registered (and the item located) in the UK.
Joined: Jun 2003
Posts: 13,787
Likes: 0
From: EuroGA.org
Let me offer a really good simple tip for Ebay users.
Make your Ebay email address different from every other email address you use.
So if your name is Joe Bloggs, and say you use yahoo email, and your normal email address is [email protected], then knock up [email protected].
If you have your own domain, say bloggs.co.uk, then use [email protected] normally, and use [email protected]. Or [email protected]. Etc.
Then, in your email program, set up a filter on the incoming emails so that only the "ebay" addresses end up in a box called "Ebay".
Then spam pretending to be from Ebay is instantly recognisable as such.
The most likely way somebody's Ebay account was hacked is by phishing. The idea behing a good pfish is for the target to net realise it even afterwards. The pfish site will redirect you to real Ebay immediately, even very kindly logging in for you (they have just captured your login+pwd, after all) so you know nothing about it.
The other thing, never enter Ebay by clicking a link supplied in any email. Always select it from your Favourites, or better still always type in the full URL each time.
Make your Ebay email address different from every other email address you use.
So if your name is Joe Bloggs, and say you use yahoo email, and your normal email address is [email protected], then knock up [email protected].
If you have your own domain, say bloggs.co.uk, then use [email protected] normally, and use [email protected]. Or [email protected]. Etc.
Then, in your email program, set up a filter on the incoming emails so that only the "ebay" addresses end up in a box called "Ebay".
Then spam pretending to be from Ebay is instantly recognisable as such.
The most likely way somebody's Ebay account was hacked is by phishing. The idea behing a good pfish is for the target to net realise it even afterwards. The pfish site will redirect you to real Ebay immediately, even very kindly logging in for you (they have just captured your login+pwd, after all) so you know nothing about it.
The other thing, never enter Ebay by clicking a link supplied in any email. Always select it from your Favourites, or better still always type in the full URL each time.
Joined: May 2006
Posts: 2,042
Likes: 0
From: 2 m South of Radstock VRP
Hijacked Accounts
My account was similarly hijacked earlier this year. I e-mailed spoof @ebay.co.uk straight away and they sorted it in hours. What the hijacker can do, having short-auctioned an expensive item, is get the money and run. The winning buyer then expects the true owner to either supply the kit or give a refund.
The only think I can thing of that compromised my details was my use of Auctionsniper.com (bids for an item as close as you want to the end of auction when you're not around to do it). I'd used it before successfully but, on this occasion, it needed my eBay password (as it would, to bid). Anyway, Mr Dummy's not doing that again.
GBZ
The only think I can thing of that compromised my details was my use of Auctionsniper.com (bids for an item as close as you want to the end of auction when you're not around to do it). I'd used it before successfully but, on this occasion, it needed my eBay password (as it would, to bid). Anyway, Mr Dummy's not doing that again.
GBZ
Thread Starter
Joined: Feb 2002
Posts: 747
Likes: 22
From: (LFA 7a)
I've thought a lot about this and couldnt see any benifit to the fake seller.
BUT:
I got lumbered with the £153 charges for hosting the sale (refunded by e bay)
and the seller just phones up or e mails the bidder and says .."Hey man, send me cash and I'll knock 10% off so I dont pay charges" so he wins wins....
BUT:
I got lumbered with the £153 charges for hosting the sale (refunded by e bay)
and the seller just phones up or e mails the bidder and says .."Hey man, send me cash and I'll knock 10% off so I dont pay charges" so he wins wins....
Recidivist
Joined: Jun 2005
Posts: 1,240
Likes: 0
From: Essex, UK
Originally Posted by Saab Dastard
Frosty, that's not the point - the account is registered in the UK, so even if the item is listed on ebay.com, the seller is still registered (and the item located) in the UK.
I was responding to the 3rd para in your previous post, SD.
Spicy Meatball
Joined: Jan 2004
Posts: 1,115
Likes: 0
From: Liverpool UK
The other thing, never enter Ebay by clicking a link supplied in any email. Always select it from your Favourites, or better still always type in the full URL each time.
Joined: Nov 1999
Posts: 319
Likes: 0
From: Wivenhoe, not too far from the Clacton VOR
To help avoid phishing scams get a spoofstick.You can get a Firefox and/or an IE version.
Joined: Mar 1999
Posts: 470
Likes: 0
From: Ashbourne Co Meath Ireland
copied from www.isc.sans.org, this might affect quite a few people if you're not VERY careful indeed. It's worrying that Paypal may have been severely compromised!!!!
Pay Pal Phlaw?
We've recieved a report of a potential flaw in the PayPal website that is being used to steal credit card and other personal information from PayPal users.
The scam works by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal.
When the victim visits the page, they are presented with a message that has been 'injected' onto the genuine PayPal site that says, "Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center." After a short pause, the victim is then redirected to an external server, (apparently somewhere in Korean IP space) which presents a very convincing fake PayPal Member log-In page.
Logging in sends the PayPal username and password to the bad guys and causes another page asking for more information (social security number, credit card number ...) to remove the limits on the access of thier account.
More to come as we confirm information.
We've recieved a report of a potential flaw in the PayPal website that is being used to steal credit card and other personal information from PayPal users.
The scam works by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal.
When the victim visits the page, they are presented with a message that has been 'injected' onto the genuine PayPal site that says, "Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center." After a short pause, the victim is then redirected to an external server, (apparently somewhere in Korean IP space) which presents a very convincing fake PayPal Member log-In page.
Logging in sends the PayPal username and password to the bad guys and causes another page asking for more information (social security number, credit card number ...) to remove the limits on the access of thier account.
More to come as we confirm information.
Joined: Feb 2006
Posts: 391
Likes: 1
From: In the dark
It is worth anyone who buys and sell on the internet to have a good look at this excellent website:
http://www.419eater.com/
I nearly got caught out by a scam, and the UK Police were useless, be warned.
http://www.419eater.com/
I nearly got caught out by a scam, and the UK Police were useless, be warned.
