eBay Change Email Notice

Off topic posts are welcome in this forum!
No smear campaign, or you will be banned!

Moderator: Mike Everman

WebPilot
Posts: 3716
Joined: Tue Dec 07, 2004 6:51 pm
Antipspambot question: 0
Location: 41d 1' N 80d 22' W

eBay Change Email Notice

Post by WebPilot » Wed May 13, 2009 12:48 am

BE WARY !

Over the weekend, someone had hacked into my eBay account and placed a Mercedes Benz for $US200 up for auction as if I had done so. The only reason I caught it fairly quickly was that I was involved with an auction and the perp changed my email address with eBay; I received an email entitled, eBay Change Email Notice, from eBay.

I didn't follow the emailed link, since I thought it may have been a scam/phishing email. I was already logged into eBay, so I checked my eBay from there. From inside I found I had an item up for sale and I owed eBay money for setting up the auction.

I spent an hour with an eBay agent before sorting this out.

It's unclear to me how the culprit managed to pull this one off. I was already using a strong password, at least according to eBay suggestions.
Image

tufty
Posts: 845
Joined: Wed Dec 24, 2003 12:12 pm
Antipspambot question: 0
Location: France
Contact:

Re: eBay Change Email Notice

Post by tufty » Wed May 13, 2009 1:21 pm

WebPilot wrote:It's unclear to me how the culprit managed to pull this one off. I was already using a strong password, at least according to eBay suggestions.
The strongest password in the world won't help if your system is infested with spyware. Alternatively, if you are using the same password on your ebay account as you are on (for example) this forum, and your email address is the same on the two, and the forum gets hacked - well, I think you can see where I'm going with this. There's loads of ways for your password to get out "into the wild".

I'd strongly suggest checking your paypal account if you have one

WebPilot
Posts: 3716
Joined: Tue Dec 07, 2004 6:51 pm
Antipspambot question: 0
Location: 41d 1' N 80d 22' W

Re: eBay Change Email Notice

Post by WebPilot » Wed May 13, 2009 4:07 pm

The strongest password in the world won't help if your system is infested with spyware.


I shouldn't be infested since I use Linux; but honestly, I don't know for sure.
Alternatively, if you are using the same password on your ebay account as you are on (for example) this forum, and your email address is the same on the two, and the forum gets hacked - well, I think you can see where I'm going with this.


It's a habit of mine NOT to use the same one for different sites.
I'd strongly suggest checking your paypal account if you have one
No worries. I let that account lapse some time ago, for I feared this very same thing would happen to it.

Thanks for the reply, Tufty.
Image

tufty
Posts: 845
Joined: Wed Dec 24, 2003 12:12 pm
Antipspambot question: 0
Location: France
Contact:

Re: eBay Change Email Notice

Post by tufty » Thu May 14, 2009 1:12 pm

WebPilot wrote:
The strongest password in the world won't help if your system is infested with spyware.

I shouldn't be infested since I use Linux; but honestly, I don't know for sure.
D'oh. I knew that. In which case, it's probable, assuming your linux box hasn't been r00ted, that your password got bruteforced or you account got hacked through some known or unknown security hole in eBay. You're certainly smart (and paranoid) enough not to respond to the usual phishing emails, as evidenced by your original post.
Alternatively, if you are using the same password on your ebay account as you are on (for example) this forum, and your email address is the same on the two, and the forum gets hacked - well, I think you can see where I'm going with this.

It's a habit of mine NOT to use the same one for different sites.
Good man. Paranoia rules.

Here's a thought: have you ever accessed your ebay account through a public or other non-secured terminal, or using a wifi network without using https? Can't remember if the non-https signin for ebay still works (and can't be arsed to check).

WebPilot
Posts: 3716
Joined: Tue Dec 07, 2004 6:51 pm
Antipspambot question: 0
Location: 41d 1' N 80d 22' W

Re: eBay Change Email Notice

Post by WebPilot » Fri May 15, 2009 1:05 am

It is disturbing to me what I can find about eBay security, hacks etc. by simply Googling. Video how-tos are on youTube and elsewhere.

I found a particularly disturbing post here, date unknown:
How to hack Ebay, or Why I will Never Use Ebay Again.

Now with eBay forcing sellers to use PayPal, I now no longer trust eBay to protect me before something bad happens.

Unbeknownst to me, I may have simply logged in to eBay using a phishing website when I wanted to ask a seller a question.

Caveat emptor
Image

WebPilot
Posts: 3716
Joined: Tue Dec 07, 2004 6:51 pm
Antipspambot question: 0
Location: 41d 1' N 80d 22' W

Re: eBay Change Email Notice

Post by WebPilot » Fri May 15, 2009 2:15 am

Image

tufty
Posts: 845
Joined: Wed Dec 24, 2003 12:12 pm
Antipspambot question: 0
Location: France
Contact:

Re: eBay Change Email Notice

Post by tufty » Fri May 15, 2009 6:30 am

WebPilot wrote:It is disturbing to me what I can find about eBay security, hacks etc. by simply Googling. Video how-tos are on youTube and elsewhere.

I found a particularly disturbing post here, date unknown:
How to hack Ebay, or Why I will Never Use Ebay Again.

Now with eBay forcing sellers to use PayPal, I now no longer trust eBay to protect me before something bad happens.

Unbeknownst to me, I may have simply logged in to eBay using a phishing website when I wanted to ask a seller a question.

Caveat emptor
Yep. It can actually be worse (i.e. more likely to confuse) than that article explains - assuming you're evil, if you name your form fields right, and set the original target of the form to the *actual* ebay login target, and change the target later using javascript (or use other trickery), you can make the client's browser autofill their name and password, just like it would for a real ebay login page. If you're really cunning, you can make it save the login and password before passing the data on to a real ebay login page, so the action is *absolutely indistinguishable* from the real ebay login page.

Obviously, you can substitute "ebay" for many other sites, but ebay is a big target, and, as that article says, they are "slightly" lax about security, rather preferring to spend their time forcing you to use *their* payment system...

WebPilot
Posts: 3716
Joined: Tue Dec 07, 2004 6:51 pm
Antipspambot question: 0
Location: 41d 1' N 80d 22' W

Re: eBay Change Email Notice

Post by WebPilot » Fri May 15, 2009 7:22 pm

It's hard to say with any certainty, since I've been all over eBay looking for bike parts, but I feel a redirected login page from inside eBay is what happened to me.

My guard is up; half.com will never get credit card info from me and I will never use paypal. I'll have to give someone a few dollars to sell my items and I use mo's to pay for any items that I may win.
Image

WebPilot
Posts: 3716
Joined: Tue Dec 07, 2004 6:51 pm
Antipspambot question: 0
Location: 41d 1' N 80d 22' W

Re: eBay Change Email Notice

Post by WebPilot » Sat May 16, 2009 2:48 pm

I'll have to pay more attention to the lock in the lower right hand corner
of Firefox whenever I logon to eBay ...

Image

... but from what I am reading,
this does not assure 100% safety from phishing!
Image

WebPilot
Posts: 3716
Joined: Tue Dec 07, 2004 6:51 pm
Antipspambot question: 0
Location: 41d 1' N 80d 22' W

Re: eBay Change Email Notice

Post by WebPilot » Sat May 23, 2009 3:33 pm

Things have appeared to return to normal since the attack to my account; I've won two auctions.
Image

Rossco
Posts: 589
Joined: Fri Nov 28, 2003 12:16 pm
Antipspambot question: 0
Location: Australia, Brisbane
Contact:

Re: eBay Change Email Notice

Post by Rossco » Sat May 23, 2009 10:42 pm

Same thing happened to me at one stage.

I got redirected on my way to ebay, signed in, re-redirected back to real ebay without knowing a thing.
Dont use a login page as a shortcut in your favorites.
Similarly, i had an auction going or was watching one and found my outbox full. "I" had been sending emails to anyone bidding on anything offering them the same thing they were bidding on for a greatly reduced price. Wasnt that nice of me, although i do wonder how i was going to send their items after payment had been recieved!


Be paranoid! but, you also have to live in this world of instant everything. Put the measures in place for the things (like ebay) that are extreamly usefull and have good customer service fixing messups as they happen and ignore the rest and what "could" happen.

I just dont think that i could stand by the wall to talk on the telephone, bodily move myself to the bank to do a transaction or actualy try something before looking on youtube to see what will happen anymore. Wow, that sounds bad.
BUT, a good book, printed who knows when is still a good book and hiking somewhere away from everything just to be there and to BE away from everything is even better now.


Rossco
Attachments
observe.gif
Gotcha now!
Big, fast, broke, fix it, bigger, better, faster...
[url=callto://aussierossco]Image[/url]

WebPilot
Posts: 3716
Joined: Tue Dec 07, 2004 6:51 pm
Antipspambot question: 0
Location: 41d 1' N 80d 22' W

Re: eBay Change Email Notice

Post by WebPilot » Mon May 25, 2009 4:39 am

I appreciate your confirming my belief "I couldn't be the only one to fall for this."

Yes, that sounds bad.

Well, I can't use that password anymore now that you've plastered it all over the I'net. :?

Just kidding. Thanks for the response, Rossco.
Image

WebPilot
Posts: 3716
Joined: Tue Dec 07, 2004 6:51 pm
Antipspambot question: 0
Location: 41d 1' N 80d 22' W

Re: eBay Change Email Notice

Post by WebPilot » Wed May 27, 2009 7:01 pm

My two expected pkgs. arrived yesterday and today. So, I wasn't dealing with imaginary sellers. I paid with money orders (postal).

All's well.
Image

WebPilot
Posts: 3716
Joined: Tue Dec 07, 2004 6:51 pm
Antipspambot question: 0
Location: 41d 1' N 80d 22' W

Re: eBay Change Email Notice

Post by WebPilot » Thu Jun 25, 2009 4:10 am

I found 4 new wheel bearings for my motorcycle today at $18 bucks on eBay. They are normally $12.50 a piece. "I just gots to have them !"

So ... here we go again.
Image

WebPilot
Posts: 3716
Joined: Tue Dec 07, 2004 6:51 pm
Antipspambot question: 0
Location: 41d 1' N 80d 22' W

Re: eBay Change Email Notice

Post by WebPilot » Fri Jun 26, 2009 4:27 am

Image

Image
Now I found these NOS with the 'clippies'. $18 plus $5.95 S&H.

maybe ...
Image

Post Reply