Thursday, October 02, 2008

my hijacked eBay account

Instead of spending my lunch hour eating, I spent it with eBay tech support because someone hijacked my account. I occasionally get email from eBay sent to email accounts that are not tied to my eBay profile and so I am generally kind of blase about out-of-place emails. I have had several in my box that say "you've won!" and try to lure you into a fake payment scam, so I know that not all eBay mail is created equal. Usually I chuck 'em in the spam folder, which is what I was about to do when I realized that what I had received was a confirmation that my listed item was now live. That caught my attention, so I opened a separate browser window (important!) and went to eBay, logged in, and yep! I was now selling 5 cashmere scarves for $125 each. And my name was Jason Usner and I live at 1148 Weawit Street, East Earl, PA 17519 (don't worry, it's a fake address).

I immediately wrangled live support, and entered the maze of Proving Who You Really Are. It seems that who ever listed these things for sale in my eBay shop had also updated all of my profile information. So when the support person, Samantha, asked for my address it didn't match. Neither did the secret code word or "mother's maiden name" type of question. The only things unchanged were the email address and password. Fortunately, eBay is prepared for this kind of nuisance. The first thing she did was 'secured' my account while we were chatting and monitored it. She told me that they trace the ISPs for every change in the system,which doesn't help overmuch since scammers know how to get through loopholes - BUT it can see that I was accessing through an IP address that I have used before, which added legitimacy to the claim that I was the 'real' owner of the account (since this is the IP on record for purchases, feedback, etc.). And when all of the standard questions failed, she went back into my purchase history and asked me about an item that I bought several months ago -- something that was no longer publicly listed. I had to give her a few specifics of the item (what was special about it) to prove that I actually bought it, which was an interesting Help Desk experience. Then she lifted some of the security on my account so that I could update my password -- and the password was already changed! Which means that Mr. Scammer McFartface was logging in while tech support was monitoring my account. So she held me off for a bit and then had me go back and update my info. It felt so "to catch a predator"... I was hiding in the back (chat)room while she lured in the perp. Did she offer him lemonade and then confront him with ISP transcripts? That would be awesome.

Overall, it was no big deal. I spent some time with Tech Support. I changed all my passwords for everything on the internet. Which means that I won't be emailing for a few days because I can't remember my stupid password to log in.

If this happens to you, there is a new eBay hijacked account report mechanism. Also, check out CouldaBeenWorse's tips for dealing with a security breach on eBay.


Blog Widget by LinkWithin