eBay Security-NOT!

RichardB

This account http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&rd=1&item=310054023047&ssPageName=STRK:MEWA:IT&ih=021 was completely hijacked to the extent that a question asked through the account was answered by the real account owner.
The hijacker inserted his email and asked to be contacted if someone wanted to buy it now for $2400.
Obviously this camera/lens combination is worth more than $2400 but there are bids and we don't know how many individuals used the email address.
If there had been a 'Buy It Now' button, I would have been tempted but still would not have purchased this item.
A little scary how easily this can be done and only confirms my policy of direct phone conversation and verification of who's selling before bidding and purchasing a high ticket item.-Dick
 
"(notice they are answering questions"

That is what I posted in my original post: "that a question asked through the account was answered by the real account owner."

That is what makes this occurrence so disturbing.
I don't think you can make the statement that this account has not been hijacked as the account owner sure thinks so as they have forwarded the item to spoof@ebay.com. One will not get any information from eBay about the resolution but until someone relays the facts to me, the account has been hijacked.-Dick
 
This is the result of "phishing" where the "hijacker" got the password from the person who has her seller ID in the auction.

The seller has not lost her account. But she cannot end this auction because there are less than 12 hours to go.

The person who put their email address there is not the owner of the seller id.

They cleverly ran a one day auction on Memorial Day, hoping the person who owns the seller ID would not check their email and not notice.

Meanwhile, the "hijacker" was hoping to make an off-eBay deal with some dunce who emailed him.

She has to get on the phone with eBay or with Live Chat, and CHANGE everything in her account. Passwords, credit cards, bank info. Someone else now has all her info.

This is not a fault of eBay security, it is the fault of the person with the selling ID who clicked a link in an email, or otherwise was tricked into revealing her password.

If she uses the same password for PayPal as for eBay, she is in even worse trouble.

Mere stupidity, not a failure of "security".

.
 
In this case it was better not to actually "hijack" the account, because changing passwords and other info would have triggered a flood of warning emails.

The "hijacker" left the seller's info intact (even though she has never sold a camera before), because it looks more legit.

This attempt is based on:

1) One day holiday auction.

2) Catching a "buyer" who thinks he is clever and will save money on an "off-eBay" deal by answering the email address in the body of the auction.

"You can't cheat an honest man." - W.C. Fields

If someone "wins" the auction the normal way, no real harm. They will get back their money from PayPal if they are stupid enough to pay.

Always check the past auctions of someone with a "good deal". If they formerly sold only $4 Disney pins and suddenly are selling a carload of $4000 cameras, use your head.
 
Auction is closed.

Here are scans of the copies I made before the auction was closed by eBay.

eBaySpoof1.jpg

eBaySpoof2.jpg


-Dick
 
I had something that happened to me on Ebay 3 months ago that I felt proved that they had been hacked. When I complained, they sent a form email saying that it would be looked into and the conclusion was that their security had not been breached. So, how did the bad guy get my email address?
 
Another possibility is that the seller didn't succumb to a phishing attack, but had a password weak enough to be guessed by an attacker. The most common form of this is a "dictionary attack", wherein an attacker tries variations and combinations of common words, names, etc. to find weak passwords. You can pretty much assume that any site of interest will have attackers probing for passwords this way.

This is why it is critically important to use a strong password with services such as eBay, PayPal, and so forth.
 
nikonh.........., Nope. I just win something and pay. I have never returned anything although I should have, never asked a dealer a question, and I use ebay very occasionally.
 
I had a close call with a phishing attack a few months ago. I received an email which appeared to have come from an Ebay user, sent via Ebay's email system, requesting shipping information for some item that I was supposed to be selling. (I had nothing listed at the time.) My first thought was that my Ebay account had been hacked, so I clicked on the link to the item to see what he was talking about. This took me to the Ebay login screen where I immediately noticed that the id field was blank where it would normally have remembered my id. At that point I looked at the URL and realized that it was a fake website.
 
If I get any type of email from eBay or PayPal, I log onto their respective websites to answer rather than answering the email or clicking on any link sent. It's the only way to be secure.-Dick
 
It's really easy to fake the "from" address in an email. Because there is no such thing, really. It's not like a phone number where you have to be at some phone in order to make a call. You don't have to have an email address to send an email.

The only reason there is a "from" address at all is so you can reply. It's convention to have one, but it's never been an indication of the source of the email.
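
An added example, not part of any post in this thread: since the visible "From" proves nothing, a recipient can compare it with the envelope sender and with the SPF/DKIM/DMARC verdicts recorded by their own mail server. The sample message, the domains and the function names below are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): the visible From claims ebay.com,
# but the envelope sender and the DMARC verdict do not back that up.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=ebay.com
From: "eBay Member" <member@ebay.com>
To: seller@example.org
Subject: Question about your item

Please send shipping information.
"""

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if none can be parsed."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def assess_from(raw):
    """Compare the visible From with the envelope sender and recorded auth verdicts."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    auth = {}
    # Only trust Authentication-Results added by your own receiving server;
    # a sender can include a forged copy of this header too.
    for hdr in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr.lower()):
            auth.setdefault(method, verdict)
    reasons = []
    if not from_dom:
        reasons.append("no parsable From address")
    # Simplified alignment: same domain or a subdomain of it (real DMARC
    # compares organizational domains using a public suffix list).
    if env_dom and env_dom != from_dom and not env_dom.endswith("." + from_dom):
        reasons.append(f"envelope sender {env_dom} does not match From {from_dom}")
    if auth.get("dmarc") != "pass":
        reasons.append(f"dmarc={auth.get('dmarc', 'absent')}")
    return {"from_domain": from_dom, "envelope_domain": env_dom,
            "auth": auth, "reasons": reasons, "suspicious": bool(reasons)}

if __name__ == "__main__":
    for reason in assess_from(RAW)["reasons"]:
        print("warning:", reason)
```

A clean result here only says the sending domain is authentic; it does not vouch for links in the body, so logging in through the site directly, as described above, is still the safer habit.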
 