
ebay security loophole

Hi All,

I recently found out about an ebay security loophole. :eek:

Like most IT professionals I have a few web based email accounts. Suddenly on 4th May I received an email from ebay welcoming one of my email accounts to ebay. A few minutes later this account had bid on a mobile phone unlock at USD159.99. This was followed by an email from paypal, in this the shipping address was in Missouri (USA).

I immediately reported this fraudulent use of my email address to ebay and just for good measure changed the password on the affected email account.

On the 10th May I received an email requesting the above transaction be cancelled, but as a gesture of good faith requested a partial refund of USD90 (thus the seller had USD 69.99 for doing nothing). Sounds too good to be true!

It probably is a scam as I have searched for the address and I can see that at least two fake companies are registered to it.

I have raised several issues with ebay customer support, but so far they have not been able to free my email address. :mad:

I have now registered new ebay accounts as placeholders to protect my other email accounts against fraudulent use. I would suggest others do the same.

I have also suggested that ebay change their policy such that it is impossible to bid or sell items until the email address is verified.

PS: Please be kind if I have made any spelling mistakes above.
Regards
Mike Williams

Comments

  • mikewill34
    mikewill34 Posts: 165 Forumite
    edited 28 May 2013 at 12:28PM
    Hi All,

    I recently found out about an ebay security loophole.:eek:

    Like most IT professionals I have a few web based email accounts. Suddenly on 4th May I received an email from ebay welcoming one of my email accounts to ebay. A few minutes later this account had bid on a mobile phone unlock at USD159.99. This was followed by an email from paypal, in this the shipping address was in Missouri (USA).

    I immediately reported this fraudulent use of my email address to ebay and just for good measure changed the password on the affected email account.

    On the 10th May I received an email requesting the above transaction be cancelled, but as a gesture of good faith requested a partial refund of USD90 (thus the seller had USD 69.99 for doing nothing). Sounds too good to be true!

    It probably is a scam as I have searched for the address and I can see that at least two fake companies are registered to it.

    I have raised several issues with ebay customer support, but so far they have not been able to free my email address. :mad:

    I have now registered new ebay accounts as placeholders to protect my other email accounts against fraudulent use. I would suggest others do the same.

    I have also suggested that ebay change their policy such that it is impossible to bid or sell items until the email address is verified.

    PS: Please be kind if I have made any spelling mistakes above.
    Re-Posted (after passing through word's spell checker) due to tinkywinky trying to hijack thread.
    Regards
    Mike Williams
  • albionrovers
    albionrovers Posts: 2,028 Forumite
    :rotfl: :rotfl: :rotfl:

    So it's only IT professionals that have more than one email account? :rotfl:

    So the rest of us are utterly thick morons are we? :o

    I hope you studied really really hard to get your qualifications.. and no, your spelling mistakes are unacceptable - coz ur a PROFESSIONAL!!!! :D :cool: :T :rotfl:(so you should know how to use a spell checker!)

    Bet you're one of these Facebook types who give it Like = Respect, Ignore = Disrespect? :rotfl::rotfl::rotfl:
  • mikewill34
    mikewill34 Posts: 165 Forumite
    Please keep on topic, this is a serious loophole in ebay's security.
    Regards
    Mike Williams
  • verityboo
    verityboo Posts: 1,017 Forumite
    Was there any actual activity on your ebay account?

    I get all sorts of spam e-mail saying I have bid on things or a paypal payment has been made and if it was not me to click on the link they provide etc. The above sounds like the phishing e-mails I get every day.
  • ballisticbrian
    ballisticbrian Posts: 4,005 Forumite
    So your email address was hacked and used to open an eBay account?

    Once they had control of your account, they would of course, be able to use it to verify the email address, so I'm not sure where you are coming from on that.

    There's been some fraudulent activity going on on the account which you need to report to the police.

    Finally, you've opened more eBay accounts? to protect your email addresses? Bad move. Shut down the excess eBay accounts, and make the passwords stronger on your email accounts or delete them.
    Warning: any unnecessary disclaimers appearing under my posts do not bear any connection with reality, either intended, accidental or otherwise. Your statutory rights are not affected.
  • mikewill34
    mikewill34 Posts: 165 Forumite
    edited 28 May 2013 at 1:41PM
    ballisticbrian wrote: »
    So your email address was hacked and used to open an eBay account?

    My email account was NOT hacked.
    ballisticbrian wrote: »
    There's been some fraudulent activity going on on the account which you need to report to the police.

    Suspected fraud has happened in USA, not sure I can do much from UK.
    ballisticbrian wrote: »
    Finally, you've opened more eBay accounts? to protect your email addresses? Bad move. Shut down the excess eBay accounts, and make the passwords stronger on your email accounts or delete them.

    ebay is at fault by allowing accounts to be created without verification with ANY email address not currently linked to ebay account.
    Regards
    Mike Williams
  • mikewill34
    mikewill34 Posts: 165 Forumite
    edited 28 May 2013 at 2:02PM
    verityboo wrote: »
    Was there any actual activity on your ebay account?

    Yes; As I said earlier a phone unlock for USD159.99 was purchased using the faker's ebay account.
    verityboo wrote: »
    I get all sorts of spam e-mail saying I have bid on things or a paypal payment has been made and if it was not me to click on the link they provide etc. The above sounds like the phishing e-mails I get everyday

    No; Sadly it's a genuine account which has been created using my email address as if I go directly to www.ebay.com and enter my email address in the forgotten user name section I get an email from ebay with the faker's ebay id.
    Regards
    Mike Williams
  • mikewill34
    mikewill34 Posts: 165 Forumite
    edited 28 May 2013 at 1:59PM
    What needs to happen is that ebay tighten their security such that:

    a) User is prohibited from selling or buying until email account is verified.
    b) If the email account of a user is not verified within 7 days (for example) the account is automatically deleted.

    This would protect against fraudulent use of somebody's valid email address.
    Regards
    Mike Williams
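
The two rules proposed in the post above, sketched as an added example (not part of the original thread and not eBay's actual implementation). `AccountRegistry`, its methods and the sample address in the demo are hypothetical names constructed for illustration.

```python
import hashlib, hmac, secrets
from datetime import datetime, timedelta

VERIFY_WINDOW = timedelta(days=7)  # the "7 days (for example)" from the post

class AccountRegistry:
    """Hypothetical marketplace account store keyed by email address."""

    def __init__(self):
        self.accounts = {}  # email -> {"token_hash", "created", "verified"}

    def register(self, email, now):
        email = email.strip().lower()
        if email in self.accounts:
            raise ValueError("email already linked to an account")
        token = secrets.token_urlsafe(32)  # mailed only to the address itself
        self.accounts[email] = {
            "token_hash": hashlib.sha256(token.encode()).hexdigest(),
            "created": now, "verified": False}
        return token

    def verify(self, email, token, now):
        acct = self.accounts.get(email.strip().lower())
        if acct is None or now - acct["created"] > VERIFY_WINDOW:
            return False
        supplied = hashlib.sha256(token.encode()).hexdigest()
        ok = hmac.compare_digest(supplied, acct["token_hash"])  # constant time
        acct["verified"] = acct["verified"] or ok
        return ok

    def can_trade(self, email):
        # Rule (a): no buying or selling until the address is verified.
        acct = self.accounts.get(email.strip().lower())
        return bool(acct and acct["verified"])

    def purge_unverified(self, now):
        # Rule (b): delete stale unverified accounts, which frees the address.
        stale = [e for e, a in self.accounts.items()
                 if not a["verified"] and now - a["created"] > VERIFY_WINDOW]
        for e in stale:
            del self.accounts[e]
        return stale

if __name__ == "__main__":
    reg, t0 = AccountRegistry(), datetime(2013, 5, 4)
    reg.register("victim@example.com", t0)       # constructed sample address
    print(reg.can_trade("victim@example.com"))   # signed up without mailbox access
    print(reg.purge_unverified(t0 + timedelta(days=8)))
```

Under this model, an account opened by someone who cannot read the mailbox never reaches a state where it can trade, and the address becomes free for its real owner once the window lapses.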
  • System
    System Posts: 178,422 Community Admin
    mikewill34 wrote: »
    ebay is at fault by allowing accounts to be created without verification with ANY email address not currently linked to ebay account.
    Isn't that a Catch 22 situation.

    Without an ebay account you can not create an ebay account because you haven't got an email address linked to an ebay account, but to get an email address linked to an ebay account you have to have an ebay account. But you can't have an ebay account because you don't have an email address linked to an ebay account.:rotfl:

    My head hurts
    This is a system account and does not represent a real person. To contact the Forum Team email forumteam@moneysavingexpert.com
  • verityboo
    verityboo Posts: 1,017 Forumite
    mikewill34 wrote: »
    My email account was NOT hacked.


    I would be really interested to know how you know that.

    I have just looked and I still have the e-mail from ebay from when I set up a second account (so that I had one for buying and one for selling) asking me to verify my e-mail address to complete setting up the account (exactly what you insist should happen)

    It seems to me that the only way the account could have been setup is if someone hacked your e-mail address, completed setting up the ebay account and then deleted the evidence?
This discussion has been closed.