EBAY security problem. WATCH OUT FOR THIS!

sonoranmonsoon

I hit a new problem on ebay yesterday that I thought I would share with you. While searching through coin listings, I came upon one that I wanted to look at. When I clicked on the auction, the auction did not appear. Rather, a page that looked identicle to the ebay sign in page appeared. Occassionally, this happens when you time out. I thought nothing of it and signed back in. This took my back to the page with the listings. I clicked on the same auction, and was again asked to sign in. At that time I thought there may be a problem with my account, so I hit the back page and clicked on another auction. No problem. Unfortunately. at that point, a 3rd party had access to my account. I am pretty savvy at avoiding the fake emails, but was unaware, that someone has figured out how to get my information within the ebay system. A few hours later, new listings for cars appeared in my ebay store. I never listed these items. I notified ebay, and my account was temporarilly suspended. It took 4 hours to cancel the auctions, get the listing fees reversed, change my password, and convince ebay to lift the suspension. If you click on an auction in ebay, and are sent to the sign in page rather than the auction details...DO NOT SIGN BACK IN! Either back page your way out, or re-enter ebay through a new window. I look at nearly 300 coin and stamp auctions daily on ebay, and had never run into this before. It looks like a new security breach that ebay will have to address. Just wanted to give everyone a heads up, so they don't go through the hassles I did yesterday.

MJPHELAN

These people just keep getting better at this. Thanks for the update.

docday2003

Yuck, and thanks!

Russ

Another forum member pointed one of these out to me recently. The slimeballs are coding the auction with a re-direct. eBay normally prohibits this type of scripting in the html, but somehow they've figured a way around it.

Russ, NCNE

segoja

That one's pretty tricky!!!

Thanks for the heads up!!!

WaterSport

It just keeps getting worst. These folks are desperate for OUR money!

WS

Stooge

SONORANMONSOON:

I can't tell you how much I appreciate the fact that you let us know this. I too was duped by one of these shady E-mails and it took a week to straighten out everything, including my bank accounts and everything else. I wrote this long post regarding this and I hope that I was able to help others stay clear of these jerks!

Thanks,
Paul.

spoon

So this is happening on the actual ebay.com server?? not one of those dummy sites that always come up in google searches?

AuldFartte

Thanks for letting us know. Very useful information

sinin1

are you sure?

I think the scammers got your code some other way


why didn't they change your email address and access code?

usually when someone is going to list on your account, they change everything and all you get is the eBay bill, and complaints fior non-delivery

Trooper

I loaded the Ebay toolbar on my laptop and there's a "account guard" tab that turns green when you are on their site.
Also if you ever enter your ebay password on a site other than Ebays it warns you that "this isn't a Ebay site are you sure you want to send your password to this site"


Anyone else use the toolbar?

cointime

Trooper,

Yes, I use it and it has worked very well so far. I have not had any problems yet. Here is a link to the help page.

Ken

sinin1

I changed my password just to be safe since I have been typing in my password for the last 3-4 weeks

from now on I will check the address before typing in my password



there isn't any way to change the address shown on my browser is there?

what I meaqn is if it says https:/login.ebay.com/XXXXXXXXx

it is always the ebay site - correct?

sonoranmonsoon

Yes it did happen on their actual server. I have been selling on ebay since 1998 and have been a power seller for quite a while. I am very careful and somewhat savvy about avoiding this problem (at least I thought so). The event did happen by clicking on the bogus auction and signing back in. I checked the discussion board on ebays security system. I noticed some other posts recently that this same problem showed up. Ebay did advise me to load up their security tool bar. I have held off, because I have loaded other toolbars similar to this when they first came out (google comes to mind). They sometimes caused a lot of trouble with my other protection software. I will probably install it eventually, I just want it to be around awhile first, just to make sure they work out any bugs.

sonoranmonsoon

I am glad to hear several of you have had good luck with the ebay security toolbar. I think I will load it up now, rather than wait. Thanks, Joe.

rb7557

Hey sonora. Last Sunday I listed a few items for sale, and had a start time for Monday afternoon. Monday morning, I log in to check on something and I had 23 high end electronic items listed in my account. I never did figure out how it happened. But having had the bad fortune of being hijacked one other time, the first thing I did was go and change all my passwords. Then I emailed ebay about the situation.
I checked back in about 10:30 a.m. and the auctions were still listed. So I played with the perp a bit and cancelled a few of his auctions, and they all had bids. For lunch I went and emptied most of the $ from the account tied to paypal. Then by the end of the day, ebay had suspended me, ended all the phony auctions, and reinstated me. And all the scheduled auctions started as planned. Maybe this is how they got my account info. Thanks for sharing.