eBay - another unusual, but real email
Wolf359
Posts: 7,657 ✭✭✭
Just had to reset my eBay password. Yes, the email is in "My Messages" folder. What's going on with eBay? After reading their reasons, I can't accept that any of them
happened to me, so I assume someone guessed it. I use windows type-ahead, so I never actually enter my password.
-------------------------------------
Subject: TKO NOTICE: A28 eBay Password Reset - xxxxxx Follow Instructions Immediately Received: May-16-06
From: eBay Expires: Jul-15-06
Dear xxxxxxxx,
It appears the password for your eBay account may have recently become compromised. As a result of this, we have reset your password and secret question
To regain control of your account, please complete the following:
1. Change the password on your personal EMAIL account to verify that it is secure and cannot be accessed by anyone other than you.
2. Change the password on your eBay account. To do so, click the "Forgot your password" link on the eBay sign-in page and change your password using the instructions provided.
3. Follow the steps below to secure your account:
> Click on the "Security & Resolution Center" link found at the bottom of most eBay pages.
> Click on the "eBay Account Protection" link in the "Online Security Resources" box. This will take you to the help page titled "Securing Your Account and Reporting Account Theft."
> Follow the instructions provided under "Securing Your Account".
As you take these steps, please be aware that you may need to repeat the instructions provided above or use the "Back" button on your Web browser to return to the "Securing Your Account" page.
We have provided some additional information below to explain how this may have occurred.
Unsolicited or "spoofed" email messages
There have been a number of email messages recently sent to eBay members asking them to click on links and provide their user ID and password. These unsolicited or "spoofed" messages appear to come from eBay Support, but in fact do not. eBay never requests sensitive information of this nature via email.
Any email sent to your registered eBay email address from eBay that affects your account, or from another eBay member via eBayâ??s member-to-member communication system, will now appear in the My Messages portion of your My eBay page. If you receive a questionable email that asks you to click on a link and it is not in My Messages, do not click the link or enter any information. Forward the email to spoof@ebay.com and we will respond to you within minutes to tell you if it was really from eBay. This also lets us take quick action on the fake website to help protect other members.
To learn more about these fake or "spoofed" eBay emails, visit the "Security & Resolution Center" link found at the bottom of most eBay pages followed by the "Stopping spoof emails and Web sites" under "General Online Safety."
Password guessing
If you use a fairly simple or easy-to-guess password, it is possible that someone could guess it after repeated attempts. For this reason, it is important to use a password that consists of a combination of letters and numbers and is not related to your user ID, name, or anything you buy or sell. It is also important to use different passwords for the various online accounts you use (email, PayPal, etc).
Computer viruses
There are a number of computer viruses in circulation that log and record keystrokes. It is recommended that computer users keep their virus alert software up-to-date and regularly check for operating system and web browser updates. A firewall for high-speed internet users is also highly recommended.
Any inquiries regarding your password or other information about your account can be sent to us by clicking "Help" on any eBay page and then selecting "Contact Us."
--------------------------------------
happened to me, so I assume someone guessed it. I use windows type-ahead, so I never actually enter my password.
-------------------------------------
Subject: TKO NOTICE: A28 eBay Password Reset - xxxxxx Follow Instructions Immediately Received: May-16-06
From: eBay Expires: Jul-15-06
Dear xxxxxxxx,
It appears the password for your eBay account may have recently become compromised. As a result of this, we have reset your password and secret question
To regain control of your account, please complete the following:
1. Change the password on your personal EMAIL account to verify that it is secure and cannot be accessed by anyone other than you.
2. Change the password on your eBay account. To do so, click the "Forgot your password" link on the eBay sign-in page and change your password using the instructions provided.
3. Follow the steps below to secure your account:
> Click on the "Security & Resolution Center" link found at the bottom of most eBay pages.
> Click on the "eBay Account Protection" link in the "Online Security Resources" box. This will take you to the help page titled "Securing Your Account and Reporting Account Theft."
> Follow the instructions provided under "Securing Your Account".
As you take these steps, please be aware that you may need to repeat the instructions provided above or use the "Back" button on your Web browser to return to the "Securing Your Account" page.
We have provided some additional information below to explain how this may have occurred.
Unsolicited or "spoofed" email messages
There have been a number of email messages recently sent to eBay members asking them to click on links and provide their user ID and password. These unsolicited or "spoofed" messages appear to come from eBay Support, but in fact do not. eBay never requests sensitive information of this nature via email.
Any email sent to your registered eBay email address from eBay that affects your account, or from another eBay member via eBayâ??s member-to-member communication system, will now appear in the My Messages portion of your My eBay page. If you receive a questionable email that asks you to click on a link and it is not in My Messages, do not click the link or enter any information. Forward the email to spoof@ebay.com and we will respond to you within minutes to tell you if it was really from eBay. This also lets us take quick action on the fake website to help protect other members.
To learn more about these fake or "spoofed" eBay emails, visit the "Security & Resolution Center" link found at the bottom of most eBay pages followed by the "Stopping spoof emails and Web sites" under "General Online Safety."
Password guessing
If you use a fairly simple or easy-to-guess password, it is possible that someone could guess it after repeated attempts. For this reason, it is important to use a password that consists of a combination of letters and numbers and is not related to your user ID, name, or anything you buy or sell. It is also important to use different passwords for the various online accounts you use (email, PayPal, etc).
Computer viruses
There are a number of computer viruses in circulation that log and record keystrokes. It is recommended that computer users keep their virus alert software up-to-date and regularly check for operating system and web browser updates. A firewall for high-speed internet users is also highly recommended.
Any inquiries regarding your password or other information about your account can be sent to us by clicking "Help" on any eBay page and then selecting "Contact Us."
--------------------------------------
0
Comments
Free Trial
it had a link in the email to "verify" myself. held the mouse over the link and the address is paypal alright, clicked the link,
but i'm not brave enough to enter my password.
went into paypal the regular way and there's no action required or any hint of a compromise.
only possible thing i could think happened is my wife made a purchase tonight and mistyped my password twice before figuring it out?
so maybe it is legit that there is concern, but they have always been clear not to click on links or ask for personal info from an email....
I don't know why ebay would be asking for yours. Windows autocomplete is only visible from your workstation to my knowledge. Strange.
<< <i>Maybe they got compromised from the inside. It would explain a lot of things. >>
I have been thinking the same thing. With all that has been written here on this subject, or similar ones, it certainly appears that something is going on. Whatever it is, eBay seems to be handling it in a rather clumsy manner.
I really have a feeling that there is more going on than meets the eye.
My prediction is that eBay is headed for a meltdown. The emails from eBay are apparently legit but their behavior is getting more bizarre daily. Based on Frank's and Laura's experiences I am guessing they hired new security staffers who are more paranoid and diligent (a good thing) but who don't know their own rules for customer interaction (a bad thing). Hopefully it's a training issue that will be resolved soon.
<< <i>Just got an email from"paypal" saying my account has been locked because of suspicious possible fraudulent activity. It then asked me to click on a link and provide them with information in order to unlock my account. I have ignored it thus as thus far my paypal account appears to be ok. Has anyone else received similar emails from paypal? Dave Weygant >>
Ignore it. I just got the same, and the link is bad (mouse over the link and read the address it goes to)
Free Trial
I guess they must think I'm small fish because I've been buying 21Ds like this one lately!!
eBay 21D
If I only had a dollar for every VAM I have...err...nevermind...I do!!
My "Fun With 21D" Die State Collection - QX5 Pics Attached
-----
Proud Owner of
2 –DAMMIT BOY!!! ® Awards
Bingo! There is your problem. eBay wasn't comprimised, your computer was!
Whenever you use "auto-fill" windows stores a hash file of the password using very poor encryption in a folder in the application data hidden folder in your profile. I would immediately go to another computer and change my passwords on EVERYTHING that I had autofill on. Then, you should disconnect your PC from the internet and run an antivirus program. This should turn up a program similar to jacktheripper.exe which is a very common program used to de-hash the encrypted password files.
I'm guessing you have some sort of messenger service on your PC. If so then immediately uninstall it. Even with a firewall, messenger programs are huge holes in your computer's system. Yahoo, AOL, even Windows Messenger are frequently used to hack into your system by hackers looking for something like passwords. You should also go into your "Services" folder and turn off any services that use messenger or services that you do not need such as remote logon or remote registry and even messenger service.
I hope you can get this cleaned up. I'd call eBay to verify after I had my password changed.
Anything that auto-types or auto-saves passwords is just asking for trouble.
Box of 20
Thanks...but -
Autocomplete foils keystroke logger software, which I'm much more concered about. I run anti-virus and 3 different spyware programs. Messanger softare runs under different XP acounts - I don't use it.
Point is, eBay changed the password, not anyone outside of eBay or else there would be a password
change message from ebay in My Messages and in my email account - but none appeared.
Free Trial
<< <i>Autocomplete foils keystroke logger software >>
That's true. Damned if you do, damned if you don't. Keep running with shields at maximum.