Ebay identity stolen again! (1 Viewer)

[Patrick Sun]

Somehow, someone has used my Ebay identity to fradulently list another 2 laptops for sale once again. I just happened to check Ebay the other day and noticed that I got my 1st negative feedback, and it was for non-response to a "completed" auction, and that's when I learned that someone used my Ebay account to post the bogus auctions.

The weird thing is that I never got the 6 emails this person claims he sent my way, and Ebay never alerted me to anyone changing the Ebay email address that's associated with my Ebay account. So this person just slapped me with negative feedback.

I don't know how my Ebay account keeps getting hacked, and the crook did so exactly one month from the first time he hacked my account (Ebay did help me out in that debacle). I don't know if Ebay will be as helpful this second time around, but I did report this incident as well (plus, requesting the removal of the $88+ in listing fees that the
2 laptops accrued by being listed and bidded on in those fraudulent auctions).

After the first time, I changed my passwords, and did what I could to protect myself. The saving grace is that I did not update my credit card information (the card had expired), so they can't ding me automatically for the listing fees.

I'm really tempted to just start over and retire my old Ebay account and say goodbye to my feedback history.

 

[Ryan Wright]

Patrick,
If you changed your passwords, then this is eBay's problem. Unless you're using easy to guess passwords, this points heavily toward a flaw in eBay's systems that they need to fix.
Please let us know what happens, especially as it relates to the negative feedback. eBay has an obligation to remove that. Unfortunately, from what I've heard, they'll probably tell you to piss off. :frowning:
Someone should start a better auction site. There are so many flaws in eBay's system - mainly procedural/administrative - that could be easily fixed in order to create a better, smarter site. Only problem is getting enough people to use it so you can break even on your costs, and perhaps eventually make a profit.
-Ryan

 

[Kevin P]

If your password was compromised twice, I'd check and see if you have some sort of backdoor Trojan on your machine that is sending your keystrokes or passwords to some hacker somewhere. It seems too odd that your account would be hacked twice.
If your computer has been infected with a virus, it could open a backdoor as well. Some viruses that do this include Weird, Badtrans, and the new Bugbear that's going around now.
And I second using a difficult to guess password. Dang, I should change mine.

 

[MikeAlletto]

Patrick you do know that '1234' is not a good password...right?

 

[Peter Kim]

Yeah, Patrick. Given that you've been victimized twice within a relatively short amount of time, I'd look within your own system to determine if there have been any compromised vulnerabilities. I've had my account for over 3 years and have never had problems - I'm sure my situation is the rule and yours is the exception.

If eBay cannot provide any answers, and you cannot diagnose any breach on your end, I'd start over with a new account.

 

[Malcolm R]

I got an odd email from Ebay a couple weeks ago:
Don't have any idea what it was about. Either someone tried to log in using my username and after a certain amount of failed attempts, it sent this "forget your password?" email to me, or someone was trying to use my log-in by mistake, didn't realize they had the username wrong, and clicked on the "please send password" option since they thought they'd forgotten their password.
What creeps me out is the "If you did not forget your password, please ignore this email" statement. Does the Ebay system just send random email occasionally, necessitating such a statement? Very strange.

 

[Patrick Sun]

Malcolm, if I were you, I'd go and check my Ebay account for suspicion new auction listings and if they went to completion.

I use Norton, and it does a daily check for viruses, and it has never found one yet, and I did the Live Updates to get the most current virus definitions.

The only thing that I can think of is maybe some PTP software I have running in the background might allow some people to hack into my system and sneak a peek at my new passwords. I really don't know, though.

 

[PatrickM]

Patrick,
Have you gone to http://www.lavasoftusa.com/ and downloaded and run Ad-Aware? It works quite well in removing spy-ware type software.
Patrick

 

[Malcolm R]

Malcolm, if I were you, I'd go and check my Ebay account for suspicion new auction listings and if they went to completion.

I've checked every couple of days since then...all seems well.

 

[Jeff R.]

One thing I noticed about the account login on Ebay is that it is not a secure login by default. If you want to use the secure login, you have to click on the tiny "secure sign in" button in the corner. I would guess that most people use the default unsecure login which anyone sniffing packets would be able to capture the login names and passwords.

 

[Vince Maskeeper]

Malcom.

Did that "forgot your password?" emailactually point to a real ebay server? I have gotten dozens of emails nearly identical to that which pointed to faked ebay servers (ebay.password.x.com)-- used by hackers to get unsuspecting people to type in what they "think" their old password was...

-Vince

 

[Malcolm R]

Vince,

It seemed legitimate to me, but I don't know if I'd recognize a fake one.

 

[Danny R]

It is also possible that someone is "sniffing" your password from the network along the way.

Always best to use the secure login on ebay rather than the standard one. Why ebay doesn't offer ONLY that choice is beyond me.

 

[Scott Merryfield]

Patrick,

Another way to combat a possible Trojan horse program that may be running on your PC and capturing keystrokes is to run firewall software to block the transmission of info from one of these programs. ZoneAlarm is free and works quite well. Anytime a new application attempts to use my Internet connection, ZoneAlarm alerts me and asks for permission before allowing the connection.

If you have cable modem Internet service, some sort of firewall protection is a must, and it probably wouldn't hurt for dial-up use, either.

 

[Patrick Sun]

I've been using ZoneAlarm for over a year now. I'm pretty careful to "okay" the sites that ZoneAlarm flags me for permission to allow connectivity into my PC. I'm really perplexed by all of this.

I did update my AdAware installation, did a deep scan, it came up a popular PTP-sharing application entries, and a lot of double-click cookies. I had AdAware remove them all.

I also use Norton Antivirus, and it does a daily scan, and I do the Live Updates regularly.

 

[KyleS]

Damn you sure are un-lucky Patrick I remember the last time you got your password hacked and that didnt seem too long ago. Best of luck getting this taken care of.

KyleS

 

[TonyD]

patrick i received this email a little while ago. it seems this person is scamming people with lap top sales on ebay. maybe it is connected to your situation somehow.
>
>
> Hello,
>
> Records indicate that you were involved in a transaction with
> "electro_depot" on eBay. "electro_depot" is being investigated for its
> business practices by several federal and local agencies. To date, over a
> hundred people have lost over $300,000 in this and related cases of
> fraudulent laptop sales on eBay. Many people who have lost money in
> transactions with "electro_depot" have combined their collective efforts and
> are currently working together to get refunds for their losses and see
> that justice is served on the perpetrators of this scam.
>
> Was your experience with this eBay seller a positive or a negative one?
> Does "electro_depot" still owe you a computer or a refund check?
> Do you have a story you'd like to share about your transaction with
> "electro_depot?" Please reply to [email protected].
>
> If would like further information, or if you have any questions or concerns
> please see Link Removed or
> Link Removed
>
> Thank you for your time. This is a one-time email and we
> will not contact
> you again.
>
> --
> Miles Duffy
> Scam Victim

 

[Anders Englund]

Patrick you do know that '1234' is not a good password...right?

Amazing, that's the same code I have on my luggage!
--Anders