eBay Accounts Hijacked and Used to Scam Buyers
The 'Times Online' is reporting on what seems to be a rash of eBay-account hijackings with a boatload of fraud to match. There are apparently 20 million British eBay registrants, roughly a third of the population, and crooks are taking advantage of many of them by stealing their accounts and posting bogus items for sale. Once a sale is complete, the crooks take off with the proceeds. By stealing another user's account, a fraudster can get around the ratings system that many eBayers use to determine whether a given auction is real or a fake. Auctions may appear to be hosted by a user who has completed many successful transactions, while in reality that user has probably been locked out of their account and has no idea about the auction. The article mentions one account stealer who had snagged over 30 accounts from others and was using them to sell cars, typically the most expensive items brokered on eBay.
The article isn't too specific on how exactly these eBay users' accounts are stolen, but presumably it's accomplished by password-snagging e-mail scams, also known as "phishing." Or if people use really obvious passwords (that include their name, for example, or, the word password), then it's easy for scammers to just guess their way into people's accounts.
Since eBay itself doesn't offer much in the way of protection for buyers or sellers, the "winners" of the auctions may actually find themselves financially duped even worse than the supposed sellers, who only have to get their accounts back and clear their names.
So far, the problem seems to be a bigger deal in the U.K., but there is no reason this same scam can't make its way Stateside, so what can you do? Well, as a seller, you can choose a strong password to keep others from just being able to easily turn your account on you. And, as always, watch out for phishing scams, where official looking e-mails trick you into typing in your username and password on an unauthorized site. If everyone followed these simple guidelines, eBay and other account infiltration scams would be minimized. .
If you're buying anything expensive on eBay, make sure to get in touch with the seller, and, if anything smells shady -- like, they don't really know all that much about the 18-century armoire you're about to buy -- then don't click that "Bid Now!" button.
From Times Online
Related Links:
Reader Comments (Page 1 of 4)
Tom Fitzsimmons said 11:37AM on 10-22-2007
Always remember that these "phishing" scam play on your emotions. They might say you have been kicked off ebay, accused of fraud, anything that will make you click quick and enter your password. Take a deep breath when you get email like this even if it looks official!
Reply
mickelowdeons said 12:00PM on 10-22-2007
I have been a victim of this scam, My account was stolen almost 3 yrs ago and I have reported it time and time again to Ebay and Paypal with no help from either site. I am still unsure how my account was stolen as I have stopped all ebay about a month before the account was stolen. I constantly get emails from buyers wanting their items etc when infact I have no clue about what they are talking about. I have had to close 3 bank accounts that I had listed with each site as once the account on ebay was compromised they(scammers) tried to clear out my bank accounts even after I closed them they tried to withdraw funds from the closed accounts. Ebay still does nothing , however ebay did start calling me threatening me with action because I hadn't paid seller fees etc when I haven't used the account in almost 3 yrs,and ebay has been notified from the start.I have sent every email to spoof@ebay &spoof@paypal and still no help!!!! PEOPLE BEWARE EBAY & PAYPAL DO NOT OFFER ANY HELP WHEN YOUR ONLINE IDENTY HAS BEEN STOLEN!!!!!!!!!!!!
Reply
Linda C said 2:11PM on 10-22-2007
My ebay account was stolden a few months ago and used to sell cars. I learned of it when I received notices from ebay that there were complaints against me and an inquiry from a potential buyer asking questions about the vehicle. Ebay was very helpful in correcting the problem and later told me it was a over seas person that did it.
Reply
barbara said 2:17PM on 10-22-2007
I've been receiving 3-5 'phishing' emails supposedly from email or paypal per day...so many, and some are so plausible, that I have cancelled my ebay and paypal accounts. I certainly don't need this type of problem. Once ebay and PP strengthen their security, I will rejoin. Until then, well, there are lots of other auctions, both online and with genuine auction houses. Since I have cancelled, I still get the same phishing emails, but I can just "delete" them rather than worrying about them.
Reply
Mika said 2:24PM on 10-22-2007
I got a "phising" email lately that said my account had been locked and that I needed to log into my account to straighten out the issue. So, the first thing I did was look at the hyperlink and saw that it was a fake email. I deleted the email and informed everyone I knew not to do this. ALWAYS start a new internet window and go to ebay directly. If there are any issues, you will be notified immediately. I NEVER USE A LINK FROM AN EMAIL for EBAY & PAYPAL. To many losers out there trying to rip you off.
Reply
wallsabq said 2:26PM on 10-22-2007
mail about once a month and report it to paypal, an e-bay company. They write back that they are not responsible for e-bay. Seems it would be too much to ask for them to forward it or send me an e-mail address where to send the information so everyone wins? E-bay used to be a great thing but will be a thing of the past soon if they can't do a better job of protecting their users.
Reply
Michelle said 2:27PM on 10-22-2007
I keep on getting messages from ebay saying how my order is ready. I have no idea what they are talking about. I even got a phone call from a woman claiming that she never received the item I sold her. She tracked my name through the white pages and called my house. I had no clue what she was talking about. Today proved to me that there is something really wrong with ebay.
Reply
wallsabq said 2:27PM on 10-22-2007
mail about once a month and report it to paypal, an e-bay company. They write back that they are not responsible for e-bay. Seems it would be too much to ask for them to forward it or send me an e-mail address where to send the information so everyone wins? E-bay used to be a great thing but will be a thing of the past soon if they can't do a better job of protecting their users.
Reply
KJ said 2:34PM on 10-22-2007
When you receive a *phishing* scam email telling you things need to be re-verified/checked for illegal activity etc DO NOT OPEN!!! If you suspect its a phishing post, go to your EBay or PayPal account and view any notations MADE BY EBAY OR PAYPAL TO YOUR ACCOUNT'S MAIL BOX!!
Otherwise? FORWARD TO SPOOF@EBAY.COM OR SPOOF@PAYPAL.COM and they compile addresses etc to try and catch these people.
Reply
Peter W said 2:34PM on 10-22-2007
I have been getting 5-10 phishing e mail a week for the past year which I forward on to eBay/PayPal as a courtesy. They seem to have lost control! My opinion is that using PayPal is risky for items over $50. I was scammed once for $900 and neither eBay or PayPal were paricularly helpful. They recommend using police departments to persue these criminals but many, as in my case, the Chicago Police Dept, are overwhelmed and won't help unless the loss is over 10K. Yet, I'm sure they still prosecute nickel & dime shoplifters! My experience taught me to use better, more protected systems like escrow.com for larger purchases.
Reply
David Martin said 2:39PM on 10-22-2007
These phishing scams rely on your laziness. People would rather click on a link then go through the bother of typing in a site in the browser. If you adopt a policy of NEVER clicking on a link in an email unless it is from someone you know personally then you will never have your accounts hijacked. I have been an Ebay powerseller for 3 years and I get 10 of these emails a week and have never had my account hijacked. I forward them onto Ebay or paypal and go on with my day.
Reply
andrs said 2:41PM on 10-22-2007
If you are silly enough to click on a link in an email without checking it first, you are being very foolish.....to check it simply HOLD YOUR POINTER OVER THE LINK....then a little window will appear next to it showing you the actual address!!
NEVER sign in to ebay or anyplace else by a LINK!!
Reply
rebecca said 2:43PM on 10-22-2007
I always forward phishing emails to spoof@paypal/ebay and never go to the links. However, Paypal caught some fraudulent action on my account through something overseas. It actually took the money from my checking account, but they put it back into my paypal account right away. Then I had to transfer it back in myself (which irritated me). It made me very suspicious that someone could hack into my account. I am on the verge of cancelling my paypal account if one more thing happens. They really need to tighten their security layers.
Reply
Mike said 2:46PM on 10-22-2007
I have received phishing e-mails also supposedly coming from ebay and paypal and I just reported them and they responded that these were bogus. If you feel that the e-mail supposedly coming from ebay or paypal is dubious, report it to them at once.
Reply
Tim said 2:54PM on 10-22-2007
I've been getting these phishing scams about once a week. I just forward them to Ebay and Paypal with the Spoof@Ebay.com or Paypal. I hope that they catch all of them and put them where the sun dosen't shine!
Reply
terry said 3:07PM on 10-22-2007
I can't believe that people fall for those things. I automatically delete those emails. If I see something in them that is worrisome, I log directly onto my account at ebay, paypal, or half.com and check my account message center. If the same message doesn't appear there, no problem!
The same goes for my bank accounts, credit cards, and anything else that says it's from one of my providers, ignore the links in the email and go directly to your accounts for verification.
Terry
Reply
Ann said 3:10PM on 10-22-2007
...I get these "phishing" emails once in a while...this is what I do and recommend for others also: DON'T OPEN ANY LINKS and FORWARD EMAIL TO SPOOF@EBAY.COM or SPOOF@PAYPAL.COM...they respond within a very short time telling you if email you received was from them or it's a fraud...you also get instructions how to proceed to protect yourself and your account...hope this helps...
Reply
Andrew said 3:26PM on 10-22-2007
One way they steal your account is through an auction on E-bay itself. You'll tap into an auction to get a closer look and a screen will come up, as if you got signed off, and ask you to resign in. As you do the person running the auction now has your information. This happened to me and after resigning in something just did not feel right, so I notified E-Bay. Sure enough the auction I opened was not an authorized E-bay auction even though it was listed on the E-bay site.
Reply
Jim said 3:29PM on 10-22-2007
I seen a tractor on e-bay last year and emailed the seller about it. I sent the money to a supposedly e-bay agent to hold until i recieved my murchendise. anyways i never recieved it and e-bay says it wasn't on their site. I was just out 5200 dollars. I had the sherrif trace the money and it was picked up over by Russia somewhere. This is already happening in the states
Reply
Dr John Vollmann said 3:31PM on 10-22-2007
eBay has a history of passing the buck and does not have any controls over the accounts. You can report incidents all day long and they fall on "form letter" replies that are total balony. I stopped all activity on eBayin 2004. Closed my accounts with them and Paypal. I am still receiving spam notes from buyers abnd sellers claiming this and that. eBay needs to be investigated by the FBI for internet fraud. They are very libel for some horrendous actions.
Reply