eBay concerns

[judypilot]

I could use some reassurance and/or advice. I recently signed up to buy something on eBay. I initiated the whole thing by logging on to eBay. I also got a Paypal account. I followed all instructions about security, etc., etc., and I got my products just fine. This is the first time I've used eBay.

All of a sudden, I've started getting zillions of spoofs "from" eBay and Paypal. I don't recall EVER getting any spoofs purporting to be from these organizations.

What I want to know is, why now? This seems to me that there must be a HUGE leak in eBay's and Paypal's security. They are supposed to keep information private, so how did the phishers find out when I got a new account?

I don't know exactly how spyware works, and I don't really worry about it because I use Macs with OSX. I know there have been a couple of spyware programs written for Macs, but I've also heard they aren't very good and that the most rudimentary security procedures, which I follow, can foil them. In almost 20 years of using Macs, I've gotten a virus only once, about 10 years ago when it was still OS 7 or OS 8.

This seems really suspicious to me. I just don't see how this could be anything other than a security problem with eBay and Paypal. Any insights from those of you who know a lot more about this than I do?

Incidentally, no problems have showed up on my eBay or Paypal accounts that I know of.

Judy

P.S. I got a pulsoximeter and a portable oxygen system, both very nice and both considerably less than one would pay from other venues, so I'm very happy with my eBay purchases. In fact, I was wishing I'd gotten into eBay sooner, but this whole incident with the spoofs has spooked me.

 

[T Bone]

Only semi experienced w/ eBay (curerent score 75@100%). Even bought my used car there!

Are you sure they are spoofs? Seems I recall alot of emails from both eBay and paypal early on (sort of "near spam"). They did taper off in fairly short order.

If you're not positive (or even if you are, they may stop some of the sites), I'd report it to eBay. They have pages on how to recognize spoofs, and how to report problems with your account and emails. I've found the response is usually pretty good (you'll get an automated response first, and should hear from their "safe harbor" team within a day or two).

As for Mac's, I'm with Sgt. Schultz (I know nothing!) but with Windoze, I've found if I clear my cookies and temporary files right before I run any of my several anti spyware programs, I get FAR less hits. Seems most reside there.

 

[SJP]

I could use some reassurance and/or advice. I recently signed up to buy something on eBay. I initiated the whole thing by logging on to eBay. I also got a Paypal account. I followed all instructions about security, etc., etc., and I got my products just fine. This is the first time I've used eBay.

All of a sudden, I've started getting zillions of spoofs "from" eBay and Paypal. I don't recall EVER getting any spoofs purporting to be from these organizations.

What I want to know is, why now? This seems to me that there must be a HUGE leak in eBay's and Paypal's security. They are supposed to keep information private, so how did the phishers find out when I got a new account?

I don't know exactly how spyware works, and I don't really worry about it because I use Macs with OSX. I know there have been a couple of spyware programs written for Macs, but I've also heard they aren't very good and that the most rudimentary security procedures, which I follow, can foil them. In almost 20 years of using Macs, I've gotten a virus only once, about 10 years ago when it was still OS 7 or OS 8.

This seems really suspicious to me. I just don't see how this could be anything other than a security problem with eBay and Paypal. Any insights from those of you who know a lot more about this than I do?

Incidentally, no problems have showed up on my eBay or Paypal accounts that I know of.

Judy

P.S. I got a pulsoximeter and a portable oxygen system, both very nice and both considerably less than one would pay from other venues, so I'm very happy with my eBay purchases. In fact, I was wishing I'd gotten into eBay sooner, but this whole incident with the spoofs has spooked me.

Can't remember the last time I got email from Ebay that wasn't expected. You get a fair few at the beginning to set up the accounts, comnfirm your details etc - but they should all be easily identifiable as coming from Ebay or Paypal. If they aren't, feel free to forward one to me and I'll take a look - I've been buying and selling on Ebay for ages, never had a problem with phishers.

I personally have separate email addresses specifically for Ebay, as the seller/buyer at the other end will see that address, and nothing stopping THEM from selling it to a mailing list or whatever.

 

[Dean]

I use ebay all the time, what you need to watch out for are emails asking you to update your info, such as CC#, SSN and bank info. This are fake emails and will provide you a link to update with. Delete these ASAP and ignore them. If you have a high dollar item for sale, you will get emails wanting to buy your item out right with them paying you extra for shipping and then they want you to send them a cashiers check for the refund. STAY clear of these as well and report them to ebay. Just be carefull and have fun with it and as you said, you can find some good buys.

 

[corjulo]

Paypals is inundated with spoofs or fishing. ANYTIME YOU SEE A LINK you can be certain its a spoof. Paypals never ever ever includes a links.

 

[corjulo]

Also watch-out for fake escrow services. Same deal. If they want an escrow then you set it up using ebay approved site. I had a guy try that on me.

 

[wsuffa]

Judy,

be careful of the spoofs.

I'm sure that you know to NOT click on a link in an email. If it's from Ebay or Paypal, open a new browser and type in the site address directly. Do not click on a link in the email.

As for how you get the spoofs? There is some kind of spider collecting email addresses on Ebay (whether they try and hide 'em or not, there is a way for unscruplous folks to get 'em). And the crooks assume that if you have an ebay account you also have a paypal account.

I know this because I have an email address that I use ONLY for ebay transactions (not Paypal). That address routinely gets spoofs listing both ebay and paypal. I always check the IP address of the sender, and the spoofs are obvious frauds.

Please be careful. If there is ever a question about the email, go to the site without clicking on a link in the mail.....

bill

 

[gismo]

Paypals is inundated with spoofs or fishing. ANYTIME YOU SEE A LINK you can be certain its a spoof. Paypals never ever ever includes a links.

I think Judy is wondering whether making a purchase on Ebay has somehow made her email address visible (attractive?) to the phishers as she saw a big jump in this kind of traffic right after the purchase.

It wouldn't surprise me that there is a connection, but aside from Ebay or PayPal (same outfit actually) selling your address to the phishers (pretty sure they don't), the only ways would be for the seller you bought from doing that, or someone has hacked into Ebay's server.

 

[grattonja]

The unsoliciteds are almost always fakes. You can just ignore them. They spooked my mom enough so that she routinely rotates her name/password etc. I have done neither and had no problems with either Ebay or Paypal. FWIW, set yourself up with "my ebay". You will see the button for it at the top of the ebay page. Then, ebay will have a place on your "my ebay" page to send you direct correspondence. That stuff is from ebay, and is legit. Then you should just be able to ignore the stuff you get in your mailbox.

Jim G

 

[judypilot]

Only semi experienced w/ eBay (curerent score 75@100%). Even bought my used car there!

Are you sure they are spoofs? Seems I recall alot of emails from both eBay and paypal early on (sort of "near spam"). They did taper off in fairly short order.

If you're not positive (or even if you are, they may stop some of the sites), I'd report it to eBay. They have pages on how to recognize spoofs, and how to report problems with your account and emails. I've found the response is usually pretty good (you'll get an automated response first, and should hear from their "safe harbor" team within a day or two).

As for Mac's, I'm with Sgt. Schultz (I know nothing!) but with Windoze, I've found if I clear my cookies and temporary files right before I run any of my several anti spyware programs, I get FAR less hits. Seems most reside there.

Oh, they're spoofs all right. I forward them to eBay, and eBay confirms they are spoofs.

Judy

 

[judypilot]

I use ebay all the time, what you need to watch out for are emails asking you to update your info, such as CC#, SSN and bank info. This are fake emails and will provide you a link to update with. Delete these ASAP and ignore them. If you have a high dollar item for sale, you will get emails wanting to buy your item out right with them paying you extra for shipping and then they want you to send them a cashiers check for the refund. STAY clear of these as well and report them to ebay. Just be carefull and have fun with it and as you said, you can find some good buys.

Dean (and others),

Oh yes, I know all about phishing and spoofs, and have never, ever responded to anything like this. Also, I have confirmed with eBay that these are spoofs. Two of you suggested that the information was somehow acquired from eBay's files, and that's what I'm worried about. If they can get my email address, what else can they get? Doesn't that constitute a big security problem with THEM? I know for absolute 100% certain that the problem did not originate with carelessness on my part because I'm very cognizant of all the traps that these guys use. And I've never had purchases from any other websites result in this kind of spoofing. That's why I'm concerned about security at eBay and Paypal, and putting all your answers together, I think my concern is justified.

Judy

 

[mikea]

I wonder if it's possible your email address leaked out for the phishers to harvest. I created a throw away address for ebay and PayPal. The phish messages I get - and I've gotten them for years - don't use the throw away address.

You should remember that the minute you "win" an item, your email address goes to the seller. You have no control over what happens to it after that.

You can use a Gmail or Yahoo account specially set up to be discarded when spam gets out of control. Yahoo mail Plus offers a service called Address Guard where you can create an arbitrary address like judy123-ebay000(at)yahoo.com that you only give to ebay. When you get spam to that address, you can change the address on ebay to another arbitrary like judy123-ebay001(at)yahoo.com and delete the original.
http://help.yahoo.com/us/tutorials/mail/mail/addressguard1.html

There are other web based spam control services like spamgourmet that will give you a free throwaway address.

--Mike

 

[judypilot]

I wonder if it's possible your email address leaked out for the phishers to harvest. I created a throw away address for ebay and PayPal. The phish messages I get - and I've gotten them for years - don't use the throw away address.

You should remember that the minute you "win" an item, your email address goes to the seller. You have no control over what happens to it after that.

You can use a Gmail or Yahoo account specially set up to be discarded when spam gets out of control. Yahoo mail Plus offers a service called Address Guard where you can create an arbitrary address like judy123-ebay000(at)yahoo.com that you only give to ebay. When you get spam to that address, you can change the address on ebay to another arbitrary like judy123-ebay001(at)yahoo.com and delete the original.
http://help.yahoo.com/us/tutorials/mail/mail/addressguard1.html

There are other web based spam control services like spamgourmet that will give you a free throwaway address.

--Mike

Unfortunately, now the cat is out of the bag. Would it help if I changed my email address in eBay? Answer to own question: Probably not.

The frustrating thing is that these things seem to be able to sneak past my spam blocker, and of course, I'm afraid my spam blocker will also pull out the legitimate ones if I can ever get it trained to filter mail that seems to be from eBay. Well, I'll just keep at it.

I did send a complaint to eBay. It will be interesting to see what they say.

Judy

 

[wsuffa]

Once your email address is on a list, your done.

BTW, a lot of these phishers and scammers are criminals from Russia and other parts. They use machines that have been infected with viruses and malware to send their evil tomes.

One more reason to keep our anti-virus software up to date....

 

[mikea]

Unfortunately, now the cat is out of the bag. Would it help if I changed my email address in eBay? Answer to own question: Probably not.

It'll work if you can stand throwing the old address away. You'd have to notify all of your friends...and how many websites and businesses of your new email address. What kills is "Forgot your password? Click here and we'll mail it to you." if that goes an address you can't get to. Then you have to find a phone number.

When Jann dumped her juno address she had a week long email conversation with a techie at the Access4Free who could never get that she needed the contact address changed because she couldn't get to the one they had. She finally gave up. They may have been more interested if she owed them money.

The frustrating thing is that these things seem to be able to sneak past my spam blocker, and of course, I'm afraid my spam blocker will also pull out the legitimate ones if I can ever get it trained to filter mail that seems to be from eBay. Well, I'll just keep at it.

I did send a complaint to eBay. It will be interesting to see what they say.

Judy

One more service I get with Yahoo Mail Plus is Spam Blocking. It works really well, except for a few false positives. I kept telling it some email lists I'm on and ads I get are not spam. I figured out that if you add the sender to your address book the spam blocker gets that they're OK.

My main email address goes back many years - pre scum. It's fascinating to watch and realize that you have literally 200 new spams all at once from THE SAME SCUMBAG. Eventually, that one one will stop, maybe because somebody hunted him down and killed him, and a new one comes in his place. You see large batches of similarly formatted spam start and stop.

At least that DMA-sponsored CAN-SPAM act from Congress fixed the problem, huh?

 

[BillG]

The weirdest things I've seen are the same exact e-mail to completely different addresses of mine - how did they both get on the same list like that? And some of my addresses simply aren't published or used anywhere, yet they get spam - lucky guesses?

 

[judypilot]

The weirdest things I've seen are the same exact e-mail to completely different addresses of mine - how did they both get on the same list like that? And some of my addresses simply aren't published or used anywhere, yet they get spam - lucky guesses?

Yes, actually. Withour old ISP, my husband, whose user name was his initials plus an extremely common last name, got far, far more spam than I, with my hyphenated last names, ever got. A techie at the ISP told me that with names like his, you've got to use something different because they will literally generate user names:

asmith
aasmith
absmith
acsmith
.
.
.
bsmith
basmith

etc., etc. Very fast to generate.

Judy

 

[SkyHog]

And some of my addresses simply aren't published or used anywhere, yet they get spam - lucky guesses?

Yep. Lucky guesses. Some spammers will send to all kinds of similar names - look at the email addresses they're sent to sometime....stuff like a@comcast.net; aa@comcast.net; aaa@comcast.net; etc.

Among those spammers, are the smart ones (for what they are), who will embed a picture of some sort. They can track the usage of the picture, therefore verifying the validity of your email address.

Dontcha love that?

 

[judypilot]

Yep. Lucky guesses. Some spammers will send to all kinds of similar names - look at the email addresses they're sent to sometime....stuff like a@comcast.net; aa@comcast.net; aaa@comcast.net; etc.

Among those spammers, are the smart ones (for what they are), who will embed a picture of some sort. They can track the usage of the picture, therefore verifying the validity of your email address.

Dontcha love that?

Imagine if they turned all that energy to something useful, like saving the world instead of plaguing it.

Judy

 

[BillG]

Except that I don't get a lot of wrong guess bounces on my server, just the right guesses... I wish I were that lucky...!

 

[Dean]

Judy,

One other way they get your email address is by contacting you for questions about an item you are selling or if you have contacted someone about their item. If that person has spyware on his computer then they have you. To me there is no full proof way to protect yourself. Other than not using the internet!

 

[judypilot]

Judy,

One other way they get your email address is by contacting you for questions about an item you are selling or if you have contacted someone about their item. If that person has spyware on his computer then they have you. To me there is no full proof way to protect yourself. Other than not using the internet!

Hoo boy. And I did that, too. Sigh.

Judy

 

[T Bone]

Interesting timing.... right after I responded above, I went to my email. Had one item in my spam folder (my fliter puts it there so I can check it). It was an (legitimate) email from Paypal. On how to recognise a spoofed email from Paypal!

As I said, I know nothing about the Macs, but I find if I get an increase in phishing emails and clear my cookie files and temporary internet history, it seems to correlate with ceasing the phishing. Failing that, I strongly recommend getting an anti spyware program (those of us running Windows have lots of free versions to choose from, hopefully they're available for Macs as well.

Also FWIW, I'm still using the same email address I started with about 4 years ago, use the same for eBay and Paypal (2 years +) and I've not had any real problems so far.

 

[TangoWhiskey]

I think Judy is wondering whether making a purchase on Ebay has somehow made her email address visible (attractive?) to the phishers as she saw a big jump in this kind of traffic right after the purchase.

It wouldn't surprise me that there is a connection, but aside from Ebay or PayPal (same outfit actually) selling your address to the phishers (pretty sure they don't), the only ways would be for the seller you bought from doing that, or someone has hacked into Ebay's server.

If the seller's PC is infected with a virus that harvests email addresses from their mail program, then as soon as EBay notified the seller that you won the auction (and sent the seller your email address), some hacker somewhere would be able to harvest that email address.

I am nearly positive that is what happened--the email addresses for the users are not available on eBay in the source code of the pages, and that is what a spider would read.

Troy

 

[RogerT]

IAll of a sudden, I've started getting zillions of spoofs "from" eBay and Paypal.

Judy .. I got two of those today. They all come from off shore
that I've gotten. I clicked on one a while back just to follow it and
it said enter your ebay id and password. I made one up. It took it.

I've never had an ebay account or used it at all. So it's not coming
from ebay. It's just a mass emailing.

 

[555Juliet]

Aside from phishes, the only problem I've ever had with eBay was a year or so back. I go through spells where I won't buy or sell anything for a few months. During one of these periods, when I wasn't actively monitoring my account, somebody got hold of my eBay ID and password--and I have *no idea* how this happened--to bid on an expensive piece of pottery.

Thankfully, they didn't win the bid. I informed eBay and the seller immediately and changed my password. I didn't want to change my seller ID because I had built up an unblemished eBay rep of more than 100 transactions. Probably if it were to happen again I'd boot the seller ID and start from scratch--the hassle isn't worth it.

Monitor your account activity from time to time. You can do this via the 'My eBay' page which shows you all items that you are bidding on and/or selling. Makes it very simple.

 

[tom clark]

There's no way to protect your email address when using ebay, because any ebay user can get another users address. It's freely available. There are a ton of ways to ripoff people on ebay. But my new favorite is the crooks who watch for auctions to end, then send the legitimate winner a bogus "congrats you won my auction, please send money to.....". I read that's quite successful. There are a number of others, but this one by far requires the least amount of work. And just imagine how many auctions end each day on ebay. What a goldmine! Just make sure you pay for items by going back into the ebay auction page and you should be ok. The key to most these scams is gettting you to hit a link on an email, or in this scam, send money to the "seller" based on info supplied to you on an email instead of the auction page. tc

 

[corjulo]

There's no way to protect your email address when using ebay, because any ebay user can get another users address. It's freely available. There are a ton of ways to ripoff people on ebay. But my new favorite is the crooks who watch for auctions to end, then send the legitimate winner a bogus "congrats you won my auction, please send money to.....". I read that's quite successful. There are a number of others, but this one by far requires the least amount of work. And just imagine how many auctions end each day on ebay. What a goldmine! Just make sure you pay for items by going back into the ebay auction page and you should be ok. The key to most these scams is gettting you to hit a link on an email, or in this scam, send money to the "seller" based on info supplied to you on an email instead of the auction page. tc

I don't think this is correct anymore, although I may be wrong. I believe you can hide your address. Ebay will only release it to a winning bidder or to a seller of a winning bidder

 

[tom clark]

looks like you are right Dan. have to wonder how old that magazine was i was reading! good to see they closed that loophole.