New eBay Scam Sent via "Ask Seller a Question"

RKKay

am listing a coin on eBay and received a question asking "please confirm this item is the same item as the item listed at" followed by a URL. When I went to the URL, it asked for my password on an eBay clone page. BEWARE.

Whizzard

I hope you sent this to eBay. So they can investigate....

Barry

Rick,
I just got one too, and posted a similar message.

291fifth

These are apparently coming thru hijacked accounts. Just how do they go about hijacking an account?

mrearlygold

These spammers should be hung by their balls. If they don't have balls, well........just hung

mrearlygold

We pay all this money in fees and this is the best that ebay can provide for security?

cullenbryant

this is crazy...what i'm understanding is that they are now in the ask seller a question format in "my ebay"?

so if you answer the question have they gottcha?

Barry

Just how do they go about hijacking an account?

By getting Ebay account holders to fall for their spoofed requests to "sign in." Another thing to watch for is using someone else's computer to sign in. When I was in Europe last summer, I was tempted to do a little bidding, but refrained from signing into my acct at an Internet Cafe. You never know where there might be a keystroke recorder, to the owner's knowledge, or not.

so if you answer the question have they gottcha?

Only if you sign in with your acct name and password on the spoofed site.

RKKay

<< <i>this is crazy...what i'm understanding is that they are now in the ask seller a question format in "my ebay"?

so if you answer the question have they gottcha? >>



No. If you go to the link and sign in, they have.

mnmcoin

I have been receiving these for months. That is why I always go to ebays inbox section on my MY EBAY page and answer question through that.

morris <><

Jdurg

I got bit by one of these once. I wasn't thinking and signed in, but as soon as I signed in I realized what I did wrong so I closed the window, rebooted my computer and manually went to www.ebay.com and changed my password immediately. Maybe two minutes went by between when I retardedly signed in, and when I changed my password.

SafeCracker

I got one this morning, and being half asleep, I signed on. But I caught it. I immediately went and changed my password. Later on, I got the same email, which I reported to ebay. I'm still waiting for some word of action. I do know my account was not compromised, however, if Island Merchandising is the origin of this email, please let me know? I just want to make absolutly sure. Thanks.

Safe Cracker

RKKay

<< <i>I have been receiving these for months. That is why I always go to ebays inbox section on my MY EBAY page and answer question through that.

morris <>< >>




The scary part was that it was in the MESSAGES section of MY EBAY.

robertpr

<< <i>

<< <i>I have been receiving these for months. That is why I always go to ebays inbox section on my MY EBAY page and answer question through that.

morris <>< >>




The scary part was that it was in the MESSAGES section of MY EBAY. >>



That's not scary, anybody can sign up for an account and start sending out messages. eBay needs to do a few things to address it (but won't):

- prevent people from sending links through "ask seller a question". Text only, and let the ebay server manually parse for URL's and add in spaces so they are not easy to cut and paste.

- limit the amount of "ask seller a question" messages that can be sent per day to a reasonable number that would prevent a robot from spamming the system.

- add a security box like you see on many websites with an image of some text, maybe distored but still viewable by a human, that you would have to type in to a box to send the message

-eliminate external emails from ebay and move all communications to an on-site communication center within my ebay

Bryan1315

<< <i>These are apparently coming thru hijacked accounts. Just how do they go about hijacking an account? >>



From people clicking that link and actually putting in their ebay password, once they do that the people that run the site just goes in and changes your password so you do not have access to it any longer then they can also change email address and anything else that has to do with your account like bid/sell and you know nothing