Ebay Hacked?
No, not the site entirely.
I got a text today from my aunt asking me to look into her account due to some suspicious activity on it.
Apparently her account had been sending out messages to sellers in re: their items for over a month.
The context of the messages usually included some blurb about being in need of an urgent gift and in a certain amount. It also proposed, in ₤, a monetary value for the item to be purchased.
If the seller did respond agreeing to the proposal (the formatting, wording, and grammar gave strong indicators of spam, so most went unanswered), my aunt's account would ask to have the item sent first to an address overseas via COD (meaning they'd pay for it when received). Since this reeks of scam, I'm sure nothing was actually sent and no messages were received to indicate anything was ever sent or went unpaid.
Most of the messages were sent to sellers' listing of high end cell phones and jewelery.
The individual sending the messages even included their personal email in some of the conversations.
My aunt has not noticed anything suspicious on her any of her other accounts, any fraudulent charges on her ebay, paypal, or credit cards. I went ahead and had her change her passwords on her accounts accordingly.
So to me it looks like someone was using her ebay account to send messages and conduct activity in a manner that could not be traced to them (at least not as fast as if they had used an ebay account of their own).
Anyone see or heard of anything like this? Open source research on a few of the message's bodies, the email address, and type activity haven't really turned up anything.
If the activity continues after the password change, I'm just going to have the account closed.
Thanks!
~J
I got a text today from my aunt asking me to look into her account due to some suspicious activity on it.
Apparently her account had been sending out messages to sellers in re: their items for over a month.
The context of the messages usually included some blurb about being in need of an urgent gift and in a certain amount. It also proposed, in ₤, a monetary value for the item to be purchased.
If the seller did respond agreeing to the proposal (the formatting, wording, and grammar gave strong indicators of spam, so most went unanswered), my aunt's account would ask to have the item sent first to an address overseas via COD (meaning they'd pay for it when received). Since this reeks of scam, I'm sure nothing was actually sent and no messages were received to indicate anything was ever sent or went unpaid.
Most of the messages were sent to sellers' listing of high end cell phones and jewelery.
The individual sending the messages even included their personal email in some of the conversations.
My aunt has not noticed anything suspicious on her any of her other accounts, any fraudulent charges on her ebay, paypal, or credit cards. I went ahead and had her change her passwords on her accounts accordingly.
So to me it looks like someone was using her ebay account to send messages and conduct activity in a manner that could not be traced to them (at least not as fast as if they had used an ebay account of their own).
Anyone see or heard of anything like this? Open source research on a few of the message's bodies, the email address, and type activity haven't really turned up anything.
If the activity continues after the password change, I'm just going to have the account closed.
Thanks!
~J
And so you touch this limit, something happens and you suddenly can go a little bit further. With your mind power, your determination, your instinct, and the experience as well, you can fly very high. ~Ayrton Senna
Comments
-
MSP-IT Member Posts: 752 ■■■□□□□□□□I received and email from eBay directly saying that my password had been changed because of "suspicious activity" and "unwarranted solicitation" roughly 3 months ago. I never received prior communication from them and haven't since. I looked into it and couldn't find any trace of it on my account. I verified that it was indeed from eBay.
-
--chris-- Member Posts: 1,518 ■■■■■□□□□□Sounds like another form of the same old thing. They phished (or obtained somehow) her info and now they are using her account with good standing/positive ratings to try and lure anyone into a scam. My paypal info was obtained somehow not too many months ago, they moved all the money I had in there to a GE bank account. Paypal obviously stopped all of it before I even knew it happened, and fixed it right as rain....but I had a pretty long complex password and a unique username. It was obviously picked up by a keylogger (my guess) on a computer I used somewhere.
-
J_86 Member Posts: 262 ■■□□□□□□□□I received and email from eBay directly saying that my password had been changed because of "suspicious activity" and "unwarranted solicitation" roughly 3 months ago. I never received prior communication from them and haven't since. I looked into it and couldn't find any trace of it on my account. I verified that it was indeed from eBay.
Yeah, I received the same thing but it was a long time ago (year I think). I've only used eBay a few times, didn't find anything wrong with my account or suspicious activity. I wonder what triggers these suspicious activity email alerts from eBay? -
petedude Member Posts: 1,510Sounds like another form of the same old thing. They phished (or obtained somehow) her info and now they are using her account with good standing/positive ratings to try and lure anyone into a scam. My paypal info was obtained somehow not too many months ago, they moved all the money I had in there to a GE bank account. Paypal obviously stopped all of it before I even knew it happened, and fixed it right as rain....but I had a pretty long complex password and a unique username. It was obviously picked up by a keylogger (my guess) on a computer I used somewhere.
Watch those internet cafe PCs. I had an issue with with a FedEx PC like that once. I am very wary of those PCs now.Even if you're on the right track, you'll get run over if you just sit there.
--Will Rogers -
--chris-- Member Posts: 1,518 ■■■■■□□□□□Watch those internet cafe PCs. I had an issue with with a FedEx PC like that once. I am very wary of those PCs now.
Worse yet, I don't recall using any PC aside from my normal ones (work & home) during that time. I wiped/installed everything when I got home that day. This is why I don't do banking on anything other than my home PC that gets wiped every couple of weeks for some reason or another. Its not 100% safe, but its better than a PC that's been "exposed" for months or years. -
Crikey Member Posts: 59 ■■□□□□□□□□This is why I don't do banking on anything other than my home PC
Same here. No phone or tablet, definitely not on any public wireless at all. -
CoolAsAFan Member Posts: 239For those weary about using public wifi, you should look into using a VPN. Don't want a third party VPN you say? Roll your own to use your homes internet connection. This way hackers can't read any plain text sent over the public wifi with packet sniffers because everything will be encrypted. This is very easy to accomplish and there are plenty of guides out there!
Also, I would NEVER use a public pc/laptop for tasks involving sensitive information, unless I could change the boot options and boot my own OS from USB. Happy secure browsing!IvyTech - AS CINS (Completed: May, 2013)
WGU Indiana - BS IT Security (Started: August 1st, 2013)
Transferred: AGC1 CDP1 BVC1 CLC1 CVV1 DHV1 DJV1 GAC1 CIC1 CDC1 UBT1 IWC1 IWT1 TCP1 TJP1 TJC1 EBV1 WFV1 EUP1 EUC1 CJC1 UBC1 TBP1
Completed: CUV1 BOV1 DRV1 DSV1 CTV1 CJV1 COV1 CQV1 CNV1 TPV1 MGC1 TXC1 TXP1 BNC1 TYP1 TYC1
Required: SBT1 RGT1 RIT1 -
MentholMoose Member Posts: 1,525 ■■■■■■■■□□My paypal info was obtained somehow not too many months ago, they moved all the money I had in there to a GE bank account.MentholMoose
MCSA 2003, LFCS, LFCE (expired), VCP6-DCV