Updated in 1st post. Caution to all EBay account holders
derryb
Posts: 36,349 ✭✭✭✭✭
UPDATE: Discovered the login 2 step process for ebay accounts. After entering login password, I get an instant text with a six digit numerical code to complete the login. Great added security. To enable the 2 step process go to account settings, then personal information, then scroll down and edit "2 step verification." I have confirmed that a single cell phone number can be used for multiple ebay accounts.
I practice all the precautions to protect my ebay account. No clicking on email links, change passwords regularly, etc.
However a scammer recently made two unauthorized purchases from my ebay account and had them shipped to an address he added to the account.
Here's what ebay and paypal told me likely transpired:
Thief, possible a former buyer from my ebay account, somehow gains access to my ebay account. He then adds his address, leaving mine in place and makes couple of purchases (in my case $175 and $200 from two different sellers). He doesn't take over my account, I'm still able to log in normally. He goes to my "purchases" and "hides" them in "purchases" so I won't see them. The only way I know about the purchases is I get emails from ebay notifying me about the recent purchases. So, I call ebay within 24 hrs of the purchases and put a stop to them.
According to ebay, thief was testing the account with small purchases to see if they got noticed. He did not want to alert me by changing login info. If not noticed by me he would have followed up with much larger purchases. How he was able to pay for them with my password protected paypal account remains a mystery. Paypal says he likely did a "Guest checkout" from ebay which could have made the charge automatically go to my paypal account without him logging into my paypal account.
The added name and address remains a mystery. Ebay says they will file police report on it in applicable city, but likely the buyer contacted seller and told him he recently moved and to use a different addresss. Seems the trail of addresses would eventually lead to the thief unless he's smarter than I can figure out.
Take note of this: I nor paypal were ever able to see the payments for the bogus purchases in my paypal "summary" list; they did not show up there. The way I found out my paypal account was used was, while viewing each purchase in my ebay hidden "purchases," I clicked on "more actions" and then "view paypal transaction." After a few "We are not able to find this transaction id. Can you please check and try again later" I was eventually shown the full paypal details of each purchase including the paypal transaction ID. When I gave this ID to paypal they were then also able to see the unauthorized charge that they could not see in the summary.
Thankfully ebay and paypal were both quick to make everything right and get my funds returned to my account.
The takeaway from this experience is : In addition to the normal account protection precautions add a constant check of recent purchases to the list.
"When the rule of law collapses, civilization can no longer survive." - Martin Armstrong
Comments
This is scary. Thanks for the heads up!
Thx for the wsrning.
I am still hung up.on the scammer "somehow gained access". There are devious minds at work and I hope the exact method for their activities can be determined.
In the meantime, without the exact explanation, I'd be more concerned that your computer was hacked and they got your passwords by watching you log in.
Wow, seems like both Ebay and Paypal gave just the right tools for this to happen. Fortunately it was easy enough for you to undo. Why would anyone ever want to hide transactions on their own account?
Collector, occasional seller
For purchases, to reduce the list to just the recent ones that have not been delivered. List can get pretty long for someone who shops like my wife.
I do have a problem with someone who gets into my account being able to do a "guest checkout." Ebay told me I could not opt out of this feature.
"When the rule of law collapses, civilization can no longer survive." - Martin Armstrong
Yikes! Thanks for posting that. appreciate the warning.
Also, don't forget that effective Oct. 11 paypal will not return your original paypal fee when you give a paypal refund:
From paypal:
"Earlier this year, we notified you that we were updating our User Agreement to change our refund policy. We want to let you know that the policy change is going into effect beginning on October 11, 2019. In line with industry practice and according to our updated policy, we will not charge a fee to process refunds, but the fees from the original transaction will not be returned. This policy will not apply to duplicate transactions, voids and most disputed transactions. You can review the PayPal User Agreement for more information on our return policies."
Of course I will be adding this to my item descriptions:
"REFUNDS: While I will gladly and promptly provide paypal refunds on returned purchases, your refund will not include the paypal fee (2.9% of the purchase price) I had to pay paypal to accept your payment. Paypal no longer refunds this fee to sellers when they refund payments to the buyer. Since you and I both will know that you received what was described, It is only fair that you eat the fee for choosing to return the item."
"When the rule of law collapses, civilization can no longer survive." - Martin Armstrong
Why would EBay allow for a "guest" checkout and an ability to "hide" any transactional details from the known account holder? An account holder is the targeted victim and the only one who can recognize any fraud. Peace Roy
BST: endeavor1967, synchr, kliao, Outhaul, Donttellthewife, U1Chicago, ajaan, mCarney1173, SurfinHi, MWallace, Sandman70gt, mustanggt, Pittstate03, Lazybones, Walkerguy21D, coinandcurrency242 , thebigeng, Collectorcoins, JimTyler, USMarine6, Elkevvo, Coll3ctor, Yorkshireman, CUKevin, ranshdow, CoinHunter4, bennybravo, Centsearcher, braddick, Windycity, ZoidMeister, mirabela, JJM, RichURich, Bullsitter, jmski52, LukeMarshall, coinsarefun
something else to worry about.
So if someone pays through PayPal, which in the majority of transactions through eBay is certainly the case, and they wish to return the product they bought, PayPal finds it in their heart of hearts to keep the 2.9%?!
Ebay and PayPal seem hellbent on losing customers.
Dead Cat Waltz Exonumia
"Coin collecting for outcasts..."
Me too that!
I always worry about "somehows."
edited to add that I am a devout fan of the full version of Malwarebytes.
Even more than CAC.
Possibility of a trojan or key sniffer.
When did you get that email notice? I haven't received it that I know of!
Thank you for the heads up
Thanks for the information @derryb.....It is really good to publicize such issues. Cheers, RickO
Good luck with that.
Collecting 1970s Topps baseball wax, rack and cello packs, as well as PCGS graded Half Cents, Large Cents, Two Cent pieces and Three Cent Silver pieces.
Sounds like your PC/laptop may be infected. Maybe a keystroke logger?
"A dog breaks your heart only one time and that is when they pass on". Unknown
All credit cards already do this
Any recent visitors, repairmen, housesitter, relative, child's friend, overnight guest, you-name-it?
Someone who might've accessed your computer. And maybe your computer remembers your ebay password.
I'm not that tech-savvy, but I wonder if your computer can be accessed thru your wifi.
Successful BST transactions with forum members thebigeng, SPalladino, Zoidmeister, coin22lover, coinsarefun, jwitten, CommemKing.
Desktop access only. running top of the line antivirus and top of the line malware protection. I check installed program list daily.
"When the rule of law collapses, civilization can no longer survive." - Martin Armstrong
Wow...thanks for the heads up. Any chance of a follow up investigation with Paypal's security to uncover the "mystery?"
What I don't understand is...don't you need a password for a guest checkout? On the other hand, wtf is a guest check out?
Is PayPal a credit card? When I have the account linked to my checking account, why do they need my 2.9% for making a legitimate return?
Dead Cat Waltz Exonumia
"Coin collecting for outcasts..."
Because processing a transaction and a return is actually 2 transactions not 0. Google it. I did. That's how I found out it was standard practice and what the justification was.
see the OP of instructions on turning on the 2 step login process.
"When the rule of law collapses, civilization can no longer survive." - Martin Armstrong
There is also another two step process without the 6-digit passcode.
Works very similar but instead of a 6-digit passcode an alert is sent to your smart phone to authenticate log-in, click the button that appears on the phone and your in.
This work from laptop Bay login to phone authentication or Bay phone app to phone authentication.
Scary to say the least.
My War Nickels https://www.pcgs.com/setregistry/nickels/jefferson-nickels-specialty-sets/jefferson-nickels-fs-basic-war-set-circulation-strikes-1942-1945/publishedset/94452
I decided to do this extra level of verification.
Just because you are paranoid doesn't mean that they are not out to get you!
Thanks for the warning. Extra security added.
If you re buying something thru a website as an infrequent or one-time purchase, then instead of creating an account there you check out as a guest. None of your financial info is saved which you shouldn't be doing anyway.
Is there 2 factor login for PP does anyone know?
yes under settings, then security, then 2 step verification. Unlike ebay, cell number can only be used in one account. More options available after you click on 2 step verification.
"When the rule of law collapses, civilization can no longer survive." - Martin Armstrong
tell me how to get this. would like to use with my desktop login.
"When the rule of law collapses, civilization can no longer survive." - Martin Armstrong
@derryb
Under my account and security info there should be these options displayed (select, Bay Verify):
After it's activated. When you login with your UN/PW, it'll display the screenshot below, this is your signal to look at your smart phone:
Click the button that appears on the smartphone (see screenshot below) and you've completed the alternate 2-step login process, much more convenient and don't have to remember or copy/paste the a code.
Note that you will need to have the Bay app installed on your smart phone.
Here is something to make you think twice about giving out your phone number.
I use prepaid cell phone service because for $40 a month I get all the calls, texts and internet usage I need and its a lot cheaper than contract service. Once or twice a year I go over my data limits and my internet speed slows to a crawl so I transfer my phone number to an older phone I have and this resets my data limits for the month with no added charges.
I am able to transfer my phone number no questions asked, through the automated prompts, I just key in the number I want to transfer and in a minute or two its done with no verification to see if I have usage rights to that number and no notification is sent to the phone the number is being transferred from.
This makes it very easy for scammers to grab a persons phone number and with the right amount of other personal information take over their accounts that have 2 step verification. By the time the victim realizes what is going on, the criminal could have done a lot of damage to your accounts including email, ebay/paypal/amazon, banks, etcetera. No the criminal might not immediately benefit from doing this, but they sure could cause someone a lot of unneeded hassle trying to reverse the damage. It also leaves an open door to ID theft at some point down the road if you have your phone number linked to all your accounts.
I am very surprised it is so easy to port a phone number especially when companies try to use your phone number as a form of identification.
I treat my phone number like my social security number and I fight about having to give it out unnecessarily. For shopping reward cards, I use my area code and 555-1212 with no hassles. Besides, why does a retail store need my number except to harass me with telemarketers and when I do get those types of calls, I mess with the person on the other end; usually by playing the old senile geezer who cant hear very well.
I am sure at some point in the future, what I have just said, will be used to commit crimes because the police, banks, businesses, and credit card companies don't take ID theft serious enough unless the dollar amount is substantial.
I use my cp for phone calls only when not at home. Consider me a modern day Dinosaur.
same here except I now also use it to get logged into ebay on my desktop with the 2 step process. What I also like is that if someone else gets my ebay password and tries to log in, I'll get the 'second step' six digit code on MY cellphone telling me it's time to change the ebay password.
"When the rule of law collapses, civilization can no longer survive." - Martin Armstrong
I don't think that will work with a random phone. It would work with your spare phone because the SIM card was probably already registered with your service provider. Try it with a friend's phone, I'll bet it won't allow you to activate the phone number. Although maybe the prepaid cell phones operate differently.
There are phones (and services) and there are phones (and services). All depends on the $.
And I still have a landline it served it’s purpose but now serves an additional purpose for all the random people saying we “require” a number. After a few years under this number the caller might get promoted to the other number.... (where I might call back).
Change is hard, that’s why I keep them in rolls.
Just like my email: nospamme@whateveritisatnospam.com or whatever comes to mind.