Ebay has LOUSY security!

[Kim&Chris]

Just wanted to let as many people know as possible: KEEP A CAREFUL EYE ON YOUR EBAY ACCOUNT.

For the 2nd time in just a few months, my ebay account was hijacked.

Somehow, hackers have the ability go in & change the passwords on ebay accounts, then list high ticket items for sale. People bid on these items, and the winner sends their payment to the hacker. All of this is based on the good feedback of the seller (who is not REALLY the seller). Of course, the buyer never receives the item. When my account was hacked the first time, they listed some sort of Bowflex-type machine for sale for around $2500.00. Thankfully I was able to contact ebay before the fraudulent auction ended, or there may have been a decent chance my Paypal account could have been compromised as well.

I was really ticked this 2nd time, and demanded to know how exactly they were able to change my password. The rep on ebay's 'live help' readily admitted that this happens many times every day, and they're really not able to pinpoint exactly how hackers do it. I asked how they are able to change a password that you're only supposed to be able to change by answering a specific question....he said "they just do". Great! He then attempted to insinuate that I answered one of those spam emails, and that's how they got my password. I firmly advised him that I have NEVER even opened one of those emails, let alone responded. Again I asked for an explanation as to how they do it. No answer, just an apology. I told the fault was entirely ebay's, and he did not reply.

So, fellow DISer's, keep a careful watch on your account. Log on as frequently as possible to make sure your password is still active. If you find you cannot log in, contact a rep IMMEDIATELY via ebay's Live Help chat.

 

[Beca]

It's not just ebay, but also their affiliate, Paypal. Our identity was stolen using information taken from a Paypal acct...at least, it appears it was Paypal. Our cc company says they have more problems with Paypal than with any other online acct. Be careful!!!

 

[LoraJ]

Did you click links on the phishing emails that look like they are from ebay or paypal, but aren't? I get about 20 of these a week, most go to my spam box. That is how they mostly hack into accounts.

 

[Kim&Chris]

Did you click links on the phishing emails that look like they are from ebay or paypal, but aren't? I get about 20 of these a week, most go to my spam box. That is how they mostly hack into accounts.

Nothing. I'm being totally honest...I've NEVER clicked one of those emails.

 

[U2_rocks!]

Did you click links on the phishing emails that look like they are from ebay or paypal, but aren't? I get about 20 of these a week, most go to my spam box. That is how they mostly hack into accounts.

For the last 3 days I've gotten the same e-mail from Amazon telling me about problems wth my account. The first time I got it I logged in through their secure website, not through the link in the e-mail, and I got in just fine, there didn't appear to be anything wrong. How would I know if there was really a problem with Amazon, e-Bay etc.? Would I just not be able to get in at all? I never click on links in e-mails unless it's a link I was expecting or a link that doesn't require me to type in any login details. So how would these websites actually communicate a problem to me?

 

[LoraJ]

For the last 3 days I've gotten the same e-mail from Amazon telling me about problems wth my account. The first time I got it I logged in through their secure website, not through the link in the e-mail, and I got in just fine, there didn't appear to be anything wrong. How would I know if there was really a problem with Amazon, e-Bay etc.? Would I just not be able to get in at all? I never click on links in e-mails unless it's a link I was expecting or a link that doesn't require me to type in any login details. So how would these websites actually communicate a problem to me?

I believe, if it's really the company, they address you by your full name. The scam emails usually are just like "your account is blah blah blah". And if you hover your mouse above the links, you can preview the URL. Usually the scammers have their IP address like 192.67.1234/ebay.com in front of the ebay.


You're doing the right thing by going directly to the website. I don't know about amazon, but any time I get a suspected fraud email, I forward it to spoof@ebay.com or spoof@paypal.com. I get an email back from them verifying that it is a scam and they will do what they can to shut the scammers down.

 

[Beca]

Did you click links on the phishing emails that look like they are from ebay or paypal, but aren't? I get about 20 of these a week, most go to my spam box. That is how they mostly hack into accounts.

Nope, I never check on anything. Additionally, we were not even home 10 days before we got hacked...we were in Europe, so there was NO activity on our account. It was hacking, pure and simple. We found out the initial hacking came from a computer in India, where charges were made for about a week. Then, I guess the hackers thought the accts would probably be closed soon, so they sold the info to someone in California, who then managed to do several charges on his own. We were signed up for dating services and "adult content" sites. We had MANY, MANY domain sites opened up under our name, and we had packages shipped to Ghana and Nigeria via a fraudulent FedEx account. I'm not really sure how people make money off of all of this. Honestly, the FedEx guy wasnt' sure, either. He said he THINKS nothing actually ever gets shipped, false billing is just accessed from somewhere inside of FedEx, but even he was not sure.