posted on January 23, 2005 05:40:45 AM new
I woke up this morning to find my eBay account hijacked. I have no idea how this could have happened. I change my password regularly. I NEVER click on anything I'm not supposed to. I don't share my eBay password with anyone and I keep it different than all my other passwords including PayPal. I have a firewall. But, it happened. Is eBay's security a tad bit less secure than we believe? I cannot think of any other way. Thankfully, I was up quite late last night and up very early this morning. A total of 5 hours off the computer. This didn't give anyone much time to do any damage. I had to assure Live Help that I didn't click on anything. I think she was puzzeled as well.
Another worry I don't need! BTW, it's still snowing here and the wind is howling. Another fact to brighten this lovely Sunday.
Edited to add: I think our sign-in names should be different than our seller names. With having them the same, a hijacker is one step closer to getting in.
Cheryl
"No drug, not even alcohol, causes the fundamental ills of society. If we're looking for the source of our troubles, we shouldn't test people for drugs, we should test them for stupidity, ignorance, greed and love of power." ~ P.J. O'Rourke
[ edited by CBlev65252 on Jan 23, 2005 05:42 AM ]
I went to sign on and it wouldn't let me. Said my password was wrong. Yikes, I about had a heart attack! I've changed all passwords everywhere.
Cheryl
"No drug, not even alcohol, causes the fundamental ills of society. If we're looking for the source of our troubles, we shouldn't test people for drugs, we should test them for stupidity, ignorance, greed and love of power." ~ P.J. O'Rourke
posted on January 23, 2005 07:56:43 AM new
tomwiii
Email sent. BTW, I have DSL. I left the modem behind long ago. I'm wondering if they got through that way although my firewall is pretty secure.
Cheryl
"No drug, not even alcohol, causes the fundamental ills of society. If we're looking for the source of our troubles, we shouldn't test people for drugs, we should test them for stupidity, ignorance, greed and love of power." ~ P.J. O'Rourke
posted on January 23, 2005 07:58:36 AM new
Did you see Gtootie's post yesterday? I think it was a very good tip on double checking your address line when signing in. It seems like I'm constantly having to sign in now...checking My eBay, checking completed auctions, etc.
Here is part of the post:
This was recently posted here on the board regarding a new account hijacking scam. I ran across one just moments ago myself and thought I'd try to help explain it better and show everyone what to look out for... Because obviously, this is becoming more frequent here on the "secure" site of eBay.
It works like this:
You browse around eBay listings and see one of interest, so you click on it. What happens next is it tries to load up the page for you to view the listing. Instead, you get a screen, prompting you to sign into your eBay account.
Should you actually sign in, the hijacker now has your sign-in information and can steal your account.
Here is a screenshot of what the sign-in page looks like - I have circled the address bar, so that you can see what it looks like. Obviously, it is NOT an eBay page!!
posted on January 23, 2005 07:59:56 AM new
Cheryl,
One possibility is that you had a spyware get thru or you went on a site that was hijacked with a key-stroking spyware. Would that be a possibility???
posted on January 23, 2005 08:02:29 AM new
Cheryl, Use letters AND numbers. A few weeks ago, something happened to my account. I had to answer a bunch of security questions. I contact ebay, they said that either I had entered my password incorrect a bunch of times or someone was trying to hijack my account. (my password had nothing to do with my id) I changed my password right away, even if it still worked and added some numbers to it
Please let us know what happens That is so darn scarey
posted on January 23, 2005 08:02:38 AM new
I'm running the virus scan now, but I don't think that's it. I never got a sign-in sheet like the example either. With my firewall, I don't have too much trouble with spyware. It doesn't allow most of it in. When I run the program, I'm lucky to find 3 or 4 on my computer.
Cheryl
"No drug, not even alcohol, causes the fundamental ills of society. If we're looking for the source of our troubles, we shouldn't test people for drugs, we should test them for stupidity, ignorance, greed and love of power." ~ P.J. O'Rourke
posted on January 23, 2005 08:41:35 AM new
Your firewall is absolutely useless against most Trojans and Viruses as well as spyware and malware. It is only of limited use in protecting against some of the more prevalent worms. It is absolutely essential you have an anti virus program that updates automatically on a daily basis to be protected against keystroke logging trojans, as well as a good spyware and adware program to keep the bad cookies from moving in with the good ones. Your password was stolen either through a spoof sign in page or a trojan.
A $75.00 solid state device will always blow first to protect a 25 cent fuse ~ Murphy's Law
posted on January 23, 2005 08:45:34 AM new
No viruses. No spyware. I do have a program that automatically updates and it's up to date. I am very careful to watch where I sign in. I have run the virus software and the spyware software and neither of them found anything.
Cheryl
"No drug, not even alcohol, causes the fundamental ills of society. If we're looking for the source of our troubles, we shouldn't test people for drugs, we should test them for stupidity, ignorance, greed and love of power." ~ P.J. O'Rourke
posted on January 23, 2005 08:58:11 AM new
Run a second online scan from a different manufacturer such as housecall at trend-micro or McAffee. It's possible you may have a trojan that is new and not yet updated in your present program. The online scans are always the most recently updated. It can sometimes take a couple days before you receive an update on your resident system. My AV program looks for updates every 4 hours, but I still use housecall on occasion if my machine starts acting funny.
A $75.00 solid state device will always blow first to protect a 25 cent fuse ~ Murphy's Law
posted on January 23, 2005 09:14:23 AM new
Naive question here. When your account is hijacked, what exactly does that mean? I have a general idea but no specifics.
___________________________________
Is it true that the only difference between a yard sale and a trash pickup is how close to the road the stuff is placed?
posted on January 23, 2005 09:24:22 AM newNOT 5 MINS AGO:
I was searching sites for VALENTINES DAY & ST PATRICKS DAY backgrounds that I was gonna list here & guess what????
One of those sites tried to dump a TROJAN on me sweet innocent PC!
Source: mmview_101.dll
Description: C:\Documents and Settings\MrBostonRedSoxRalph\Local Settings\Temporary Internet Files\Content.IE5\EPO52HYN\mmviewer_101[1].cab
Click for more information about this threat : Download.Trojan
posted on January 23, 2005 09:25:13 AM new
It means that someone got a hold of your password, changed it and has intentions of using your account for their own ill-begotten gains.
Thanks, sparkz. I think I'll just do that.
Cheryl
"No drug, not even alcohol, causes the fundamental ills of society. If we're looking for the source of our troubles, we shouldn't test people for drugs, we should test them for stupidity, ignorance, greed and love of power." ~ P.J. O'Rourke
posted on January 23, 2005 09:29:36 AM new
Roadsmith...When an account is hijacked, the crook obtains your password, logs onto your account, changes the password for your account and takes over. You can no longer access your account because you don't know the password. The crook has full access to it and can list all the non-existant laptops he wants. He also changes the contact info so he gets all email associated with that account. When he sells 15 laptops ang gets the money, he disappears with the loot and you get 15 negs for non delivery. If you catch it right away and Ebay gets your account back to you, you can resume with a new password, but if the crook stole your password via a trojan in the first place, he will also get your new password the first time you log on unless the trojan is removed first.
A $75.00 solid state device will always blow first to protect a 25 cent fuse ~ Murphy's Law
posted on January 23, 2005 09:45:23 AM new
Thanks for the full explanation, Sparkz. Now I'M scared!
I'm assuming that hijackers would want high feedback accounts for their nefarious purposes. It would make their sales on that account look more safe for the buyers. Cheryl, I know you have high feedback; do we know if any others hijacked also had high feedback? Do we know of low-feedback sellers this has happened to? Just wondering.
___________________________________
Is it true that the only difference between a yard sale and a trash pickup is how close to the road the stuff is placed?
posted on January 23, 2005 09:58:23 AM new
I don't think my hijacker was particularly bright. I was still getting end of auction notices so he or she never bothered to change the email address. They also didn't bother with my contact info. The least they could have done was change the bank account info that the fees come out of to theirs!
Gotta love my feedback: 999 (or 806 if you don't count my repeat buyers) with 99.9% positive. Maybe I need to play the Pick Three today?
Edited to add: I ran the trend-micro and nothing there either. Just when I had my passwords committed to memory!
Cheryl
"No drug, not even alcohol, causes the fundamental ills of society. If we're looking for the source of our troubles, we shouldn't test people for drugs, we should test them for stupidity, ignorance, greed and love of power." ~ P.J. O'Rourke
[ edited by CBlev65252 on Jan 23, 2005 09:59 AM ]
posted on January 23, 2005 10:09:54 AM new
Also be sure to watch your sign in page for "Partially Secure". I have been running Firefox and always watch for the padlock and the https and about one time out of 5 I either get no https or an unsigned secure page. I stop it from loading (dial up, so it loads slooow!) and go back and start all over again until I get a "true" sign in page.
Just a thought.
Kevin
posted on January 23, 2005 04:26:24 PM newCBlev65252,
After you get this mess sorted out you might want to consider using a more secure OS such as Linux or Mac OS - far fewer problems as they are not Windoze based.
posted on January 23, 2005 07:15:02 PM new
No offense, but I hate MACs!! I now use Firefox. Far better than IE.
Cheryl
"No drug, not even alcohol, causes the fundamental ills of society. If we're looking for the source of our troubles, we shouldn't test people for drugs, we should test them for stupidity, ignorance, greed and love of power." ~ P.J. O'Rourke
posted on January 24, 2005 04:32:24 AM new
cheryl, they're Macs, not MAC'S
thank you
____________________________________________
Dick Cheney: "I have not suggested there's a connection between Iraq and 9/11..."
posted on January 24, 2005 04:41:14 AM new
Sorry, Prof. I had a bad experience on one once and I've been too timid to try again. I worked for a union newspaper publisher and I darn near lost everything on his computer. Can't remember quite what I did, but it was enough to shy me away from them. In fact, my boss gave up and bought a Windows PC for me to use!
Cheryl
"No drug, not even alcohol, causes the fundamental ills of society. If we're looking for the source of our troubles, we shouldn't test people for drugs, we should test them for stupidity, ignorance, greed and love of power." ~ P.J. O'Rourke
[ edited by cta on Jan 23, 2005 07:59 AM ]
