Bad Day on eBay --
Hacker Hijacks a Seller's Account
by Paul Wood
Shoreway77.com Here’s a story that illustrates what will happen if you click a link
in a fraudulent eBay e-mail. It explains how some con artists are
getting rich by sending such messages to unsuspecting sellers who click a link
to a fake Web site and reveal their password in the process. The good
news is that eBay is quick to act here--provided you can reach them
by phone, which is difficult.
My wife, Lenora, and I have been running a small business on eBay for
the past six years. Lenora designs sewing and scrapbooking patterns and
we buy small animal figurines wholesale and sell them on eBay. Our
average sale is about $10.00. We won't get rich, but it helps in our
retirement years.
Over the past six years we have worked very hard to build up a good
reputation as an eBay Seller. We never advertise anything that we don't
have on hand, which enables us to ship our customer purchases very
quickly. We give excellent customer service such as taking returns with
no questions and giving full refunds including the shipping and
handling. Out of a
possible 100% rating with eBay, we have a 99.9% rating for the six years
of doing business.
We usually advertise from 25 to 50 items per week. eBay charges an
insertion fee for every item advertised whether it is sold or not. When
an item does sell, eBay charges a final sale charge. So the idea is to
advertise items with the best chance to sell. On the day I discovered
this scam, I had an auction ending soon, and there were just 12 items
left in it the last time I looked. So you can imagine my surprise when I
noticed that I suddenly had 166 items being advertised. I immediately
went to my auction page. What I saw was enough to give an old man a
heart attack. Somebody had taken over my account and was advertising
items like laptops and, of all things, a Sky Diving Kit. Every item was
advertised for $90.00 each, and the insertion fees on these items, which
amounted to over $500, had been charged to my Seller Account by eBay.
How This Happened and
How We Resolved the
Problem
I discovered this about 3 p.m. that day. Somehow a
scam artist got hold of my eBay password and listed all these items with
a 24 hour limit. He had placed an "#000000" address in the description
of each item asking the bidder to contact him for payment instructions.
The person who had hijacked my eBay account had set
all his items to expire in 24 hours. In the next few hours I received
over 20 e-mails from customers with questions about the items he was
selling and 9 customers had placed bids. There was potential for big
problems for me. People would be sending their payments to him and
expecting me to ship the items. eBay would charge me for the insertion
and final sale fees. What could have happened is that I would have had
to pay all the expense, the scammer would have received the payments
from the customer, the customer would have received nothing, and I would
have had a lot of unhappy customers and complaints directed at me.
eBay makes it difficult to get to talk by phone to
somebody about a problem you're having. They don't show their phone
number anywhere on their web site. They want you to use e-mail and they
promise to get back to you within 24-48 hours. But in our case, that
would have been too late. I immediately sent two e-mails to eBay, but of
course it was too early to get a response. In the meantime, I received
two e-mails from other eBay sellers telling me that it looked to them
like my account had been hijacked. (They noticed that the items being
advertised were not what we usually advertise. I appreciated that!)
My wife came home from work about 6 PM and she remembered that, about
five years ago, she had acquired eBay's phone number and she was able to
find it. Over the next hour we were able to get the whole thing
straightened out with eBay's help. They immediately canceled all the
items that had been put up on our account, then notified any customer
who had submitted a question to me or placed a bid. All I had to do was
make some changes--passwords, etc.
Once I had the eBay phone number and was able to talk to someone,
eBay handled the whole thing in a very professional way. But for about
five hours that day, it was "Panic Time."
I have since learned that the most common way for somebody to gain
access to your eBay password is to send you an e-mail that looks like
it's from Ebay (they are very clever). All you have to do is open the
e-mail and they have access to your information. We have been pretty
good at spotting these fraudulent messages, but apparently I missed one.
Copyright 2006 by Paul Wood
Editor's Note:
If you Google the phrase "hijacked eBay Account" you’ll find nearly half a million web pages on this topic,
illustrating the severity of this problem. (The FBI reportedly receives calls
about this problem every day.) Here are a couple of articles I found very
informative:
What to Do If Your eBay Account Has Been Hijacked.
You’ll find a wealth of practical tips on what to do if your account has been hijacked, as well as what to do to prevent this sort of thing from happening to begin with.
Hijacked eBay Account Reminds About Need for Vigilance.
EXCERPT:
"The e-mails set off an alarm as soon as I read them. One
‘verified’ that the password change on my eBay account had been successful.
A second message reported that the ‘hint’ question to recover my password
also had been switched at the giant online auction site. I didn't do either.
Someone had hijacked my eBay account."
Copyright © 2000-2008
by Barbara Brabec
All Rights Reserved
Barbara Brabec's World
BarbaraBrabec.com
|
