Options
how ebay can prevent bogus listings in hijacked accounts
derryb
Posts: 38,555 ✭✭✭✭✭
As we all know most hijacked ebay accounts are the result of an ebay member loggin into their account from a phishing email. The theif takes over the account changes the password and then lists bogus items with payment going to the scammer's paypal account.
I have recommended to ebay that once logged into an account they require a second and different password to successfully list an item on ebay. It will require the additional step of entering the password at the time a listing is created but it will prevent a hijacked account from being used to list a bogus item. Let's see if ebay is smart enough to implement the change.
I have recommended to ebay that once logged into an account they require a second and different password to successfully list an item on ebay. It will require the additional step of entering the password at the time a listing is created but it will prevent a hijacked account from being used to list a bogus item. Let's see if ebay is smart enough to implement the change.
"A car is a tool that takes you from one place to another. Everything beyond that is a payment for other people's perception of you."
0
Comments
and chances once the main account if hacked they can recover or reset this.
if you make it where it can't be recovered you make it difficult for legit customers to use the system.
what do you propose to overcome this?
<< <i>The best thing you can do for yourself is to never log in to anything via a link that you click. Always open a new window and type www.ebay.com or www.paypal.com - this doesn't help for people who aren't aware of this, though. >>
Yes it does. When they give up their account password via phishing it will still take a second different password for the scammer to list using the hijacked account. The number of hijacked accounts is evidence that their are stupid people out their no matter how often they are warned.
"A car is a tool that takes you from one place to another. Everything beyond that is a payment for other people's perception of you."
<< <i>It's a good idea... the second password could just be a 4 letter pin number, recoverable via an automated call to your registered phone number. >>
so if you change your phone number, then what?
need a way to change that. if that is linked to the main account and can be done by someone who authenticated with the primary password the measure is easily defeated. if the phone number can't be changed, or is very hard to change (perhaps requires a call, which has its own set of pitfalls and costs) then you lose customers.
there is no panacea to the "password problem".
<< <i>there is no panacea to the "password problem". >>
Not as long as a single password to an ebay account gives access to the selling account. The second password could be used to give acess not only to listing ability but also to profile and personal information once access is gained to the account. A hijacker gaining acess to an account can do little damage if he can't utilize listing ability or acess and change profile/personal information.
"A car is a tool that takes you from one place to another. Everything beyond that is a payment for other people's perception of you."