Hacked at Ebay...

Discussion in 'Effects, Pedals, Strings & Things' started by Don Rusk, Feb 19, 2006.


  1. Don Rusk

    Don Rusk Gold Supporting Member

    Messages:
    6,902
    Joined:
    Jul 22, 2002
    Location:
    St. Louis
    This week I found out someone had hacked my ebay account and was sending bogus second chance offers from my account....

    the sad thing is I sort of noticed this a while back, but just erased them as one of many spam mail things to be mildly annoyed at and quickly disposed of .....

    It didn't occur to me that there was actually something wrong until Ebay sent me notification of what exactly was happening....

    to their credit they were all over it and were a big help in telling me exactly what to do.............


    anyone else get snagged in this or anything similar???
     
  2. analogmike

    analogmike Gold Supporting Member

    Messages:
    6,151
    Joined:
    Mar 17, 2004
    Location:
    Connecticut
    wow... please elaborate, how did they do it and what did they do?
    Did they guess your password?
     
  3. Laroosco!

    Laroosco! Member

    Messages:
    2,604
    Joined:
    May 28, 2002
    Location:
    Detroit, MI
    Does that mean that you're not sending that pedal? :(


















    ;)
     
  4. exodus

    exodus Member

    Messages:
    1,821
    Joined:
    Sep 7, 2003
    Location:
    Sweet Home Chicago
    It happened to my ex-gf... someone over in the Eastern Block was putting up generic pictures of cameras and "selling them" under her account.

    the guy reset her passwords, email, location... etc.

    Ebay took care of it. The real question that you have to figure out is how they got your password. The most common ways are either phishing or perhaps a trojan horse keylogging everything you type.
     
  5. Don Rusk

    Don Rusk Gold Supporting Member

    Messages:
    6,902
    Joined:
    Jul 22, 2002
    Location:
    St. Louis
    Yeah I think they hacked my password ---

    It started (or I noticed it) back in the Katrina auctions - when some of the bidders on the Way Huge items got second chance offers, and some wanted to buy them !!! I happened to be talking to them about something else or they likely would have been stung........

    then later I saw a couple on items I had nothing to do with, but were using my account info to send.......



    so uh read your ebay junkmail !!!!
     
  6. exodus

    exodus Member

    Messages:
    1,821
    Joined:
    Sep 7, 2003
    Location:
    Sweet Home Chicago
    again, figure out how they "hacked" the password or it will happen again.

    I worked for a large-ish IT in the past and dealt with getting hacked.

    The least used/successful method to hack is "brute force", or just guessing a person's password. Look for other ways they got it.

    When it happened to an exgirlfriend, her password was sent to the hacker via a trojan horse/keylogger which we later found on her laptop via a simple virus scan.
     
  7. Craise

    Craise Member

    Messages:
    1,254
    Joined:
    Sep 16, 2005
    Did you ever respond to a "supposed" e-mail from paypal to change your password? I've gotten a few different types, that look like they are from paypal. But they send you to a fake paypal webpage...and when you enter your password...doh! Tons of scammers out there...if you didn't lose any $ feel lucky.
     
  8. Laroosco!

    Laroosco! Member

    Messages:
    2,604
    Joined:
    May 28, 2002
    Location:
    Detroit, MI
    If the Paypal email doesn't address you by your name then it is a fake. The fake ones always start with "Dear Paypal Customer"

    I always forward fake Paypal emails to spoof@paypal.com
     
  9. thebot

    thebot Member

    Messages:
    247
    Joined:
    Jan 15, 2006
    Location:
    Edinburgh
    Yeah, I got done with that phishing scam - fortunately realised before anything happened (and before I lost any money). They just managed to put a dodgy item up for sale, there were no bidders and Ebay sorted it out pretty quickly.
     
  10. 59Vampire

    59Vampire Silver Supporting Member

    Messages:
    4,103
    Joined:
    Dec 17, 2005

    Craise from Farscape?????
     
  11. stratofied

    stratofied Member

    Messages:
    580
    Joined:
    Dec 6, 2004
    Reply to all questions about items you may have up for auction through your "My Ebay" page only. Do not reply to email.
     
  12. whitehall

    whitehall Member

    Messages:
    5,223
    Joined:
    Sep 6, 2004
    Location:
    Annapolis
    yeah, it's become pretty much commonplace these days. Almost every time I bid over 1500 on something I'll get a bogus second chance offer after it ends.
     
  13. Frethog

    Frethog Member

    Messages:
    1,333
    Joined:
    Apr 13, 2004
    Location:
    Portland, Or USA
    I got banned from ebay last year and had to jump through all kinds of hoops to get re-instated. Took 3 months and they never did divulge precisely what had occurred. I figured it was something like this, but like I said, they never told me.
     
  14. Don Rusk

    Don Rusk Gold Supporting Member

    Messages:
    6,902
    Joined:
    Jul 22, 2002
    Location:
    St. Louis
    Well here's the contents of their letter - might help someone before they get hacked.....

    ~~~

    "It appears your account was accessed by an unauthorized third party and used to send unsolicited emails to other community members, including email offers to sell items outside of eBay. It does not appear that your account was used to list or bid on any items. Additionally, the email address on your account may have been tampered with, which is why you may not have received any emails about this activity.

    At this time we have taken several steps to secure your eBay account. Rest assured that your credit card and banking information is safe on the eBay site. This information is kept encrypted on a secure server and cannot be viewed by anyone.

    To regain control of your account, please complete the following:

    1. Change the password on your personal EMAIL account to verify that it is secure and cannot be accessed by anyone other than you.
    2. Change the password on your eBay account. To do so, click the "Forgot your password" link on the eBay sign-in page and change your password using the instructions provided.
    3. Follow the steps below to secure your account:
    > Click on the "Security & Resolution Center" link found at the bottom of most eBay pages.
    > Click on the "eBay Account Protection" link in the "Online Security Resources" box. This will take you to the help page titled "Securing Your Account and Reporting Account Theft."
    > Follow the instructions provided in "Securing Your Account".

    As you take these steps, please be aware that you may need to repeat the instructions provided above or use the "Back" button on your Web browser to return to the "Securing Your Account" page.

    We have provided some additional information below to explain how this may have occurred.


    Unsolicited or "spoofed" email messages

    There have been a number of email messages recently sent to eBay members asking them to click on links and provide their user ID and password. These unsolicited or "spoofed" messages appear to come from eBay Support, but in fact do not. eBay never requests sensitive information of this nature via email.

    Any email sent to your registered eBay email address from eBay that affects your account, or from another eBay member via eBay's member-to-member communication system, will now appear in the My Messages portion of your My eBay page. If you receive a questionable email that asks you to click on a link and it is not in My Messages, do not click the link or enter any information. Forward the email to spoof@ebay.com and we will respond to you within minutes to tell you if it was really from eBay. This also lets us take quick action on the fake website to help protect other members.

    To learn more about these fake or "spoof" eBay emails, visit the "Security Center" link found at the bottom of most eBay pages followed by the "Stopping spoof emails and Web sites" under "General Online Safety."


    Password guessing

    If you use a fairly simple or easy-to-guess password, it is possible that someone could guess it after repeated attempts. For this reason, it is important to use a password that consists of a combination of letters and numbers and is not related to your user ID, name, or anything you buy or sell. It is also important to use different passwords for the various online accounts you use (email, PayPal, etc).


    Computer viruses

    There are a number of computer viruses in circulation that log and record keystrokes. It is recommended that computer users keep their virus alert software up-to-date and regularly check for operating system and web browser updates. A firewall for high-speed internet users is also highly recommended.


    Any inquiries regarding your password or other information about your account can be sent to us by clicking "Help" on any eBay page and then selecting "Contact Us."

    If you are contacted with questions about the messages that were sent from your account or other related issues, please refer those individuals to the web address provided above.

    Regards,

    Customer Support (Trust and Safety Department)
    eBay Inc "
     
  15. gregc

    gregc Member

    Messages:
    3,707
    Joined:
    Mar 21, 2002
    Location:
    Long Island, NY, USA
    I got hacked into last week also. Someone was then selling wheels & tires under my name. eBAY caught it and we locked things down before any damage was done, and no, I didn't fill out any bogus ebay mails. I genuinely got 'hacked'.
    gregc
     
  16. landru64

    landru64 Member

    Messages:
    2,418
    Joined:
    Mar 17, 2004
    Location:
    Los Angeles area
    so how did you get hacked?
     
  17. blackburncustom

    blackburncustom Member

    Messages:
    63
    Joined:
    Jun 8, 2005
    Location:
    Thumb area of Michigan
    Hi,
    Not only did my account get hacked, someone bought a Ferrari, a BMW, other cars, and listed a refrigerator under my name. They also left awful feedback for my sellers. Ebay was not terribly helpful and it is a real pain to even get ahold of a human. Ebay is definitely not safe anymore.
    Peace,
    Dave:mad:
     
  18. exodus

    exodus Member

    Messages:
    1,821
    Joined:
    Sep 7, 2003
    Location:
    Sweet Home Chicago
    +1. I don't mean to beat it to death, although I probably have already, but the term "hacked" is a very vague term. I only bring this up (again) because without knowing the root cause, you're still susceptible.

    People tend to refer to hacking in its stereotypical movie portrayal of some geek trying to break into a specific computer. The fact of the matter is that this sort of thing is VERY hard to do. I once saw a TechTV episode (geek tv cable show) where they had a Windows XP box set up with only factory software and they challenged their viewers to “hack” that box and simply create a text file and save it on the desktop. Everyone thought, “oh, windows, piece of cake.” They set the computer up with a static IP address, gave out the address on TV, and used no other firewalls other than the default windows settings—basically made it as vulnerable as they could. After a couple of hours, no one hacked it. I think someone was able to restart the computer, but not access the hard drive.

    I mention this because odds are “your” (as in the victim’s) account information isn’t being retrieved by someone hacking ebay’s servers. It is more likely being retrieved from the victim’s side/computer. Being that most of us don’t have a static IP address (you pay extra and must request that from your internet provider), that means the mass majority of us are on DHCP leases—in other words, your ip address changes every few days. This makes your computer a moving target, decreasing the likelihood your computer can be individually targeted. A lot of people also have routers and wireless routers. These act as pretty good firewalls and make hacking into a private computer just that much harder. Anyone who could actually do it is probably getting paid a lot more money not to.

    There is password “guessing” software out there, but that just tries common words and if it gets lucky, it gets lucky. Plus, the software would have to log into ebay’s servers. Again, if an ebay account is trying to be accessed at the rate of 200 wrong passwords a minute, I’m pretty confident that security software will raise a red flag. Random guessing by hand is well---I'd rather play the lotto.

    Thus, as far as I see, the only option left is for someone to inadvertently give out their information (phishing) or for the computer to have malicious software on it (virus) that is broadcasting the person’s information. I’ve had one or two friends get nailed by phishing scams…and these are twenty-somethings that consider themselves computer literate. It can occur so inadvertently that most don’t even recall the event. I know someone else that picked up a keylogging virus on a wireless network (along with about a dozen other viruses). On a wireless network, you don’t have to download software or open attachments to pick these things up.

    The point is that figuring out how it happened is crucial. Getting duped by a phishing scam is one thing—we can all be more cautious and avoid that sort of thing. But if it’s a keylogger virus, then anything you type is still being broadcast to the perpetrator without your knowledge. If you think it could be a virus, I would suggest AVG anti-virus. It’s free, has free automatic updates, and automatically scans. It has caught a number of viruses “on the fly” while I’ve been surfing the net.
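
Added example, not part of the thread or any poster's code: a sketch of the kind of server-side check the post above expects to "raise a red flag", counting failed logins per account in a sliding 60-second window. The log format, the account names and the sample events are constructed assumptions; the threshold of 200 per minute is the rate quoted in the post.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)
THRESHOLD = 200  # failed logins per window; the rate quoted in the post

def parse(line):
    """Parse 'TIMESTAMP RESULT user=NAME' (constructed format, an assumption)."""
    ts, result, user = line.split()
    return datetime.fromisoformat(ts), result, user.split("=", 1)[1]

def detect_guessing(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {account: time of first alert} for every account whose failed
    logins reach `threshold` inside one sliding `window`."""
    recent = defaultdict(deque)  # account -> timestamps of recent failures
    alerts = {}
    for line in lines:
        ts, result, user = parse(line)
        if result != "FAIL":
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] >= window:  # drop failures that aged out of the window
            q.popleft()
        if len(q) >= threshold and user not in alerts:
            alerts[user] = ts
    return alerts

def sample_log():
    """Constructed events: one account hammered, one owner mistyping."""
    start = datetime(2006, 2, 19, 10, 0, 0)
    events = []
    for i in range(250):  # 4 failures per second against seller_a
        events.append((start + timedelta(milliseconds=250 * i), "FAIL", "seller_a"))
    for i in range(3):    # 3 failures five minutes apart for seller_b
        events.append((start + timedelta(minutes=5 * i), "FAIL", "seller_b"))
    events.append((start + timedelta(minutes=11), "OK", "seller_b"))
    events.sort()
    return [f"{t.isoformat(timespec='milliseconds')} {r} user={u}"
            for t, r, u in events]

if __name__ == "__main__":
    for account, when in detect_guessing(sample_log()).items():
        print(f"ALERT {account}: {THRESHOLD} failures within {WINDOW} at {when}")
```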
     
  19. plain-boy

    plain-boy Member

    Messages:
    106
    Joined:
    Feb 3, 2006
    Location:
    Grosse Pointe MI
    Also, something I have noticed in "OUR" forum community is that I have signed up for forums that have actually sent my signup confirmation with my passwords NOT hidden. I believe the indyguitarist forum was one of those. So, if you tend to use the same passwords for most things, it becomes vulnerable in even our little community here. I would suggest signing up for such things with a temporary password. Also, you may consider changing your passwords every so often.
     
  20. that_brianm_guy

    that_brianm_guy Gold Supporting Member

    Messages:
    933
    Joined:
    Dec 3, 2002
    Location:
    baltimore, md
    I've gotten a few emails recently that looked like they were legitimately from ebay, but the content wasn't accurate.. they were asking if I had a "buy it now" price.. and I've never sold anything on ebay!

    So I look up the sender on ebay - "rubyndao" - and no such user

    So I'm thinking that you get hacked if you hit that "reply to sender" button in the email form... those messages showed up with an attachment, and that's probably what executes and captures passwords.
     
