zilspeed
|
| posted on 23/10/05 at 11:16 AM |
|
|
ebay account hijack
My ebay account was hijacked yesterday. I have it back under control now and they have been good in coming back to me and sorting everyting out.
However - a couple of hints.
If you click a link to an auction and you are taken there very breifly (like you see the listing flash on and off the screen) and then into the
sign in page where you are asked to give your password, don't do it. If you give your password at this point you will be hijacked.
The scary thing about this is it all appears to have happened from within ebay's site. I don't think there is any doubt that the
sign in page was not genuine, but I wasn't switched on enough to catch it.
So - be warned. Once they're 'in' who know what havoc they could cause.
On reflection - the listing that I clicked the link to may have some code buried in it to redirect me to this bopgus sign in page. Anyway - keep your
eyes peeled everyone.
[Edited on 23/10/05 by zilspeed]
|
|
|
|
|
JoelP
|
| posted on 23/10/05 at 11:35 AM |
|
|
worrying, that happens all the time to me - being asked for a password, and i probably wouldnt notice if a page had flashed up first.
How did you first work out that your account had been blagged (did they change your password?) and how do you report it to sort it fast?! Cheers 
Beware! Bourettes is binfectious.
|
|
|
omega 24 v6
|
| posted on 23/10/05 at 11:35 AM |
|
|
How did you know it was hijacked so fast mate.
Trouble signing in or something?
|
|
|
JoelP
|
| posted on 23/10/05 at 11:37 AM |
|
|
just a thought, you could try always typing the wrong password first, because a scam site wont know its wrong and will redirect you as if it was the
correct password.
Beware! Bourettes is binfectious.
|
|
|
omega 24 v6
|
| posted on 23/10/05 at 11:40 AM |
|
|
nice line of thinking joelp.
|
|
|
zilspeed
|
| posted on 23/10/05 at 11:50 AM |
|
|
I got an email in the small hours and I was up early enough this morning to see it straight away. The email was from ebay telling me that my request
to change email addresses was underway.
Only thing is - I hadn't asked them to do that, so twigged that something was wrong straight away.
Logged onto my ebay account to find that I was selling a sand rail buggy ( much to my surprise I have to say).
Fortunately, the thick f**kers hadn't seen the need to change my password, so I did that straight away and immediately put in a genuine request
for a change of email address back to my own one.
So - having secured everything, I then did a whois on the ip address of the sender of the original message requesting the change of email address and
discovered it was an AOL one in Virginia - abuse report sent to them.
Curiously though, the email address they had used was a yahoo.gr one.
Then followed that with an email to ebay detailing all of the above and they came back to me this morning confirming everything was sorted.
Hope you followed all of that.
P.S. The original listing I clicked which started this was for a Triumph Stag, described as immaculate and with 12 months MOT and a buy it now of
£900. Serves me right for believing that...
|
|
|
JoelP
|
| posted on 23/10/05 at 11:53 AM |
|
|
quote:
Originally posted by zilspeed
P.S. The original listing I clicked which started this was for a Triumph Stag, described as immaculate and with 12 months MOT and a buy it now of
£900. Serves me right for believing that...
you mean, you were actually in ebay and followed a link, which led to this happening?! Or was the link on an external site?
Beware! Bourettes is binfectious.
|
|
|
zilspeed
|
| posted on 23/10/05 at 11:58 AM |
|
|
It happened from a link within ebay. I was doing a general browse in the triumph section of classic cars, saw this, hit the link and that was it.
There is now no trace that it was ever there...
|
|
|
Donners90
|
| posted on 23/10/05 at 12:37 PM |
|
|
I had exactly the same thing happen on Wednesday. I had clicked a buy it now link input my password again. Next day I had an email from ebay notifying
me of my email address change!??
Then I saw someone was advertising a 3 series BMW under my ID! There were 12 questions waiting for me. However these had all been redirected to the
'new' email address input by the hijackers!
Did a live chat with EBAY and they sorted the problem and reset my ebay passwords etc.
Ebay also recommended that I change my private email and login details as a precaution. Might be worth doing the same!
Highly annoying and has put doubts in my mind about the safety of ebay!!
|
|
|
greggors84
|
| posted on 23/10/05 at 02:38 PM |
|
|
Very worrying if its from ebay, i have heard about emails before asking for passwords, but you can ignore them as ebay will never request passwords
through emails.
Will have to check before i put my password in now. Maybe always just type one letter and press return before i put in my real one.
Chris
The Magnificent 7!
|
|
|
britishtrident
|
| posted on 23/10/05 at 02:56 PM |
|
|
Firefox has 2 addons that help prevent this type of spoofing --- "Spoof Stick" and "Show IP" both very worth while installs
|
|
|
britishtrident
|
| posted on 23/10/05 at 03:14 PM |
|
|
Sceen cap shown Firefox with Spoofstick and ShowIp running.
Below the address bar on the top of the screen spoofstick shows the identity of the site
"You're on www.ebay.co.uk"
Show ip runs in the status bar in the bottom right hand corner of the sceen showing the numerical IP address of the site. Now click on this and
--------
[Edited on 23/10/05 by britishtrident]
 
Rescued attachment firefox1.jpg
|
|
|
britishtrident
|
| posted on 23/10/05 at 03:18 PM |
|
|
It brings up a menu to allow you to double check the site is who is claims to be -- in this case I am using Netcraft which Show Ip opens i a new
tab.
 
Rescued attachment netcraft1.jpg
|
|
|
speed8
|
| posted on 23/10/05 at 03:46 PM |
|
|
There was something about this on Pistonheads the other day iirc.
http://www.pistonheads.com/gassing/topic.asp?f=141&h=0&t=216130
Found topic above. Pretty much explains what is happening.
|
|
|
britishtrident
|
| posted on 23/10/05 at 04:06 PM |
|
|
Easy just use a browser that blocks unwanted popups --- speaking of ebay niggles I getting very p+++++ off with ebay listings that play sound
files.
 
Rescued attachment nopopups.jpg
|
|
|
mark.s
|
| posted on 23/10/05 at 05:35 PM |
|
|
just to put my 2 bits worth in , i have had the normal emails regarding to change ID and password, but i did receive 1 yesterday morning asking
"to leave feedback if i was happy with the item from" ACCSTATION."....never heard of him!
They also put at the top of the email..Your registerd name has been included to show this has originated from ebay, They did have the right name but
from 12 months ago!
mark
|
|
|
matt_claydon
|
| posted on 23/10/05 at 05:46 PM |
|
|
If you use the same password for anything else don't forget to change it everywhere you use it else the scum could be all over you email, online
banking and heaven forbid Locostbuilders!
|
|
|
wilkingj
|
| posted on 23/10/05 at 06:35 PM |
|
|
Thanks... most interesting.
1. I never do feedback from Emails, only from withing MyEbay.
2. Good reason to keep Logins, and Passwords separate (different) for Ebay, Paypal, and Email.
3. Adopt a Password policy of At LEAST 8 characters, with a number in there as well (A number Up's the combinations by an additional factor or
two.
Also you can spell words with Ones for i's and Zero's for o's 3's for e's etc. This is common, but it adds those all
important numbers into your passwords to keep the combination levels up.
I also use this tool, recommended by a pal that used to work for ISS.
http://www.iss.net/support/product_utilities/domainspooffilter/
Works with MS Internet Explorer
1. The point of a journey is not to arrive.
2. Never take life seriously. Nobody gets out alive anyway.
Best Regards
Geoff
http://www.v8viento.co.uk
|
|
|
