HACKING ATTEMPTS ON EBAY ACCOUNTS - HOW TO DEAL WITH THEM

[gr8-expectations]

Today I received a message from a prospective buyer who had previously contacted me legitimately via the ebay message system (and to whom I had responded normally) on an item I was selling now expired and sold. The question on the item showed up about 4-5 days after the end of the item and its sale to a different bidder.

Because the question on the sold item was from a buyer with whom I had had (what I thought) was legitimate communication while the item was still active, and the question seemed to make sense, plus the ebay member had over 800 feedback and it related to Vinyl records which was what the sold item was, I clicked the link.

Before clicking the link I was trying to match the ebay item number to check to match it to one of the vinyl record items I had been selling of which there were about 9 (2 of these sold) it did not match and regardless (silly me) I pressed on and it took to me to login to ebay .com which was where the items had been listed.

After getting to the login screen and after logging in using my then password, it still did not take me to the item, in fact the item did not exist, whoever sent the bogus latter question purportedly from the same member as before has doctored the email, the item number had been changed slightly, so all they were after in the phishing email was my password.

Luckily i realised what had happened and quickly went and changed my password, but it was a very subtle and clever hack attempt, how they did it i dont know, but had I not instantly changed the password I suspect that one of my ebay selling and buying IDS would have been hacked for sure;

lessons -

NEVER reply to a question sent after an item has ended, it is likely to be a hacking attempt
CHECK and match item numbers to questions and check the address of the email you are sent
Never click on links sent after item ended which purport to be from a legitimate ebay member but most likely are not

[gr8-expectations]

also as a further precaution;

regularly change your ebay and paypal passwords to keep ahead of the hackers and use a strong password. make sure you keep a record of new passwords until you remember them

[low-enghooi]

Thanks GR8.

Allow me to add:

1. Don't use the same email address for both ebay and paypal.
2. Don't post in ebay forum with your selling id.
3. Don't identify yourself in ebay forum, if you must post.
4. Don't tick on the box "Send a copy to my email address."
5. Maybe, I said maybe, abandon ebay.

[low-enghooi]

how they did it i dont know

Not too difficult to do it actually. It is the same as those phishing email send from the bank.

Next time try this: enter fake id and password. Will be fun.

[*Yibida*]

how they did it i dont know

Not too difficult to do it actually. It is the same as those phishing email send from the bank.

Next time try this: enter fake id and password. Will be fun.

I wouldn't do it .... you don't know if there is a key logging Trojan in the email.... or if your antivirus quarrantined the trojan before you opened the email....

[*CountessA*]

AGREED. Yibs has stated the secondary problem perfectly.

Gr8, run a full scan of your computer to see whether a keylogger was installed when you clicked on the link. You should run your antivirus software to scan your entire computer (a full scan, not just a Smart Scan), then run Ad-Aware as well (again, full scan).

More information on keylogging: http://www.securelist.com/en/analysis/204791931/Keyloggers_How_they_work_and_how_to_detect_them_Part_1

And this is just another reason why you should never, never, never, never, never, never, never, never, NEVER - NEVER - NEVER click onto a link in an email.

Never.

Not ever.

Not even if it's legitimate.

Never.

Get used to right-clicking the link instead so that you can copy the link location, and then paste it into a new browser window before you press enter. EXAMINE the actual link before hitting enter. And don't ever, ever, ever click the link in the email.

[gr8-expectations]

thanks Low and Yib pretty deceptive and sophisticated what they do to get access, i have the feeling that had i not changed it immediately i would not have been able to access my own ebay account.

[gr8-expectations]

thanks Countess, I will re-activate my anti virus program for mac os10 and run that check, appreciated, yes i was silly to click it but trusted it because it was from what appeared to be a genuine seller who someone had jumped on the back of to send that email

[tellomon]

never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, EVER trust.......

[*Brum6y*]

(I think Tello's trying to tell us something....)