Over the weekend, several hundred eBay listings were edited to include a message saying “To buy the item now email [a Gmail address]”. Several hundred accounts were compromised: the scammers used four Gmail accounts to target high-value items such as cars, hi-fi and jewellery.
There have been some reports stating that the site was hacked, but this is incorrect. Vanessa Canzini (eBay UK’s PR Manager) confirmed to TameBay today that the site itself remained secure. eBay have released a statement to confirm “that the eBay site has not been hacked or compromised in any way” and that the accounts “were compromised and edited after seller password details were obtained via spoof/phishing emails.”
eBay also point out that they “can provide redress in the rare instance that things go wrong, with the payment protection schemes it offers to both buyers and sellers, but this redress can only be provided if people carry out all transactions on the site.” It’s well known that eBay and PayPal are the target of 75% of all phishing activity on the net, so hacked accounts, or in eBay parlance “TKO accounts” (TaKen Over), are nothing new. The only notable fact from the weekend’s activity is that the scammers appear to have saved up several hundred eBay account user names and passwords to edit auctions in bulk.
Just how much is your eBay user name and password worth? To anyone who’s had the horror of their account being taken over, quite a lot. To the scammers, surprisingly little. Normally those perpetrating the scams aren’t those phishing for passwords. There’s an open market where phishers sell on account details for pennies.
So what can you do to stay safe? Firstly, the eBay site is secure, so if you keep your password secure, your own auctions can’t be edited.
- Don’t click on links from email; type in the URL for eBay or PayPal yourself.
- Expect every email to be suspect; it probably will be!
- If it contains important information, log into your eBay or PayPal account: you’ll be notified on the site itself.
- Also consider using the eBay toolbar (for Internet Explorer), which will warn if you’re about to enter your eBay user name and password into a non-eBay site.
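The kind of check a "non-eBay site" warning depends on can be sketched as follows. This is an added example, not eBay's toolbar code: the `TRUSTED_DOMAINS` allowlist, the function names and the sample links are assumptions made for illustration.

```javascript
// Added illustration. TRUSTED_DOMAINS is an assumed allowlist, not an official eBay list.
const TRUSTED_DOMAINS = ["ebay.com", "ebay.co.uk", "paypal.com"];

// Decide whether a link really leads to a trusted sign-in host.
function checkLoginUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return { trusted: false, host: null, reason: "unparseable URL" };
  }
  // The URL parser lowercases the host and converts look-alike Unicode
  // letters to their "xn--" form, so they cannot equal an allowlist entry.
  const host = url.hostname.replace(/\.$/, "");
  if (url.protocol !== "https:") {
    return { trusted: false, host, reason: "not HTTPS" };
  }
  // Anything before "@" is userinfo, a common way to put a familiar name first.
  if (url.username || url.password) {
    return { trusted: false, host, reason: "userinfo before host" };
  }
  // Match the whole host or a dot-separated subdomain, never a substring.
  const ok = TRUSTED_DOMAINS.some((d) => host === d || host.endsWith("." + d));
  return { trusted: ok, host, reason: ok ? "host on allowlist" : "host not on allowlist" };
}

// Constructed sample links (not taken from any real message).
const SAMPLES = [
  "https://signin.ebay.co.uk/",
  "https://www.paypal.com./signin",
  "http://www.ebay.com/",
  "https://www.ebay.com@login.example.net/",
  "https://ebay.com.account-check.example/",
  "https://signin-ebay.com/",
  "https://\u0435bay.com/", // first letter is Cyrillic
];

function report() {
  return SAMPLES.map((u) => ({ url: u, ...checkLoginUrl(u) }));
}

for (const r of report()) {
  console.log(r.trusted ? "OK    " : "WARN  ", r.url, "->", r.reason);
}
```

Only the first two samples pass; the rest put a familiar name somewhere other than the end of the host, which is why reading the address by eye is unreliable.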
As a buyer, keeping safe is even easier: never ever transact off eBay. If you see something you want to purchase, then buy through the eBay site. Pay in a secure manner: either with PayPal, by credit card through the seller’s merchant account, or with services such as Nochex. Don’t ever use cash or Western Union: both methods are banned on eBay anyway.
Finally, change your password on a regular basis and never change it back to one you used in the past – that way, if your account is compromised, by the time the scammer tries to make use of it they won’t be able to log in anyway.