• When you click on links to various merchants on this site and make a purchase, this can result in this site earning a commission. Affiliate programs and affiliations include, but are not limited to, the eBay Partner Network.

Archived

This topic is now archived and is closed to further replies.

Cautionary tale about an eBay hack experience

Started by mysterio,

13 posts in this topic

mysterio

mysterio

Posted
Posted

This morning I woke to find an e-mail from eBay that my e-mail address with them had been changed. At first I thought it was phishing, but noticed my real name and user name and realized it was a legit e-mail from eBay. So I checked my account (my password still worked) and found that my contact e-mail address and phone number had been changed, but nothing else. So I changed them back, changed my password, then checked my activity. Turned out that I had bought about 15 iPhones and two laptops while I slept. All of these fraudulent purchases were from 0 feedback sellers. Fortunately eBay customer service was helpful and deleted all the fraudulent activity.

 

At first I couldn't figure out what the angle was, but I'm guessing that if my Paypal password had matched my eBay password (which it doesn't) then they would have paid for my "purchases" and drained my credit card/bank account. I'm still not clear on why they wouldn't have changed the password though.

 

Anyway, I just wanted to post this as a warning to take e-mail change notices seriously as they may not be phishing. Check your accounts to make sure that some subtle change hasn't been made to your account info.

Link to comment
Share on other sites
mysterio

mysterio

Posted
  • Author
Posted
I'm still not clear on why they wouldn't have changed the password though.

 

Damn it. Foiled again!

 

:whistle:

 

lol I traced the IP address the change was made from and it came up as Los Angeles. Aren't you out there? :baiting:

 

As for reporting the e-mail and phone number, those are Xed out even in your own account. And even if I did have them they are likely throwaway accounts anyway.

Link to comment
Share on other sites
mysterio

mysterio

Posted
  • Author
Posted
This is why my eBay and PayPal accounts are not linked. It would be easy to link them but I prefer separate accounts with different passwords for this very reason. Thanks for the info and glad it worked out.

 

I hate having a bank account linked to Paypal and this was the last straw. I deleted it this morning. What I may do is set up a separate account that I can funnel money into and out of for the purposes of making/receiving payments, but only keep $100 or so in there at any time. I can transfer money into/out of it as needed to make payments though. At least with my linked credit card I can dispute any fraudulent charges. And keeping separate eBay and Paypal passwords is an absolute must.

Link to comment
Share on other sites
mysterio

mysterio

Posted
  • Author
Posted
So did you get emails that you were bidding on or buying all those 15 iPhones?

 

Nope. I finally got two this morning, AFTER I had changed everything back. My guess is that changing my e-mail address was at least partially to prevent notifying me that I was bidding on a slew of iPhones. Four in the morning is a pretty great time to make that change, as they got nearly four hours of access to my account before I caught it. I was a little surprised there wasn't more damage.

Link to comment
Share on other sites
RockMyAmadeus

RockMyAmadeus

Posted
Posted
I'm still not clear on why they wouldn't have changed the password though.

 

Damn it. Foiled again!

 

:whistle:

 

lol I traced the IP address the change was made from and it came up as Los Angeles. Aren't you out there? :baiting:

 

 

:o

 

I'm currently in the SF Bay Area.

 

Phew!

Link to comment
Share on other sites
Davenport

Davenport

Posted
Posted
Anyway, I just wanted to post this as a warning to take e-mail change notices seriously as they may not be phishing. Check your accounts to make sure that some subtle change hasn't been made to your account info.

I've posted about this before, getting multiple "eBay Reset Your Password" emails. Constantly, sometimes several a day.

"This email was sent automatically by eBay in response to your request to reset your password. This is done for your protection; only you, the recipient of this email can take the next step in the password recovery process."

 

I just delete them. It's been going on at least a year. And now a new wrinkle: A phone call, twice now... Caller ID shows "Ebay Inc.", automated voice..."If you're expecting this call press two." I don't respond. It repeats the request, then hangs up.

Link to comment
Share on other sites
Go to topic listing