I’ve been active online since 1988-89 when I got my first Prodigy account. It was bound to happen sooner or later.
I’m still not sure exactly how it happened. I checked my email this morning and this was the most recent message:
Dear [my ebay username],
Your account may have recently been used for fraudulent purposes. For this reason, we have temporarily suspended your account to protect your online security.
If you think that your account may have been tampered with, please contact our Live Help team immediately. To reach the Live Help team:
1. Click the “Live Help” link at the top of most eBay pages. An “eBay Live Help” chat box will open.
2. Click the “Account Security” link. A “Securing Your Account and Reporting Account Theft” Help page will open.
3. Scroll down to the bottom of the page.
4. Click the “Live help” link.
Right underneath it was another email.
We have temporarily disabled the automatic payment of your invoices. We’re sorry for the inconvenience, but we’ve taken this action to ensure that you’re being charged only for amounts that you actually owe.
If you’re not currently an active seller, then our action should have no effect upon your account and the following information is for your information only.
Even after both of these emails, I didn’t immediately believe it was for real. I assumed it was a phish, trying to get me to log in and “verify” my account.
Sure enough, I went to ebay.com in my browser, attempted to login and got a message that my account was suspended for fraudulent activity.
I go back to my inbox and see 5 “Your ebay listing is confirmed” for Louis Vitton handbags. All 1-day auctions with Buy It Now prices. Amazingly enough, those listings happened around 5:20 am and the email from ebay advising of “possible unauthorized account use” arrived at 5:46 am. Whatever security measures ebay has in place to detect this kind of thing happening seems to have kicked in quickly. Even so, 2 auctions had buyers.
First thing I did was change the password on my email and PayPal accounts. It doesn’t appear there was any unauthorized activity on either, but it seemed the logical first move. Then I “spoke” to ebay through Live Help to confirm to them that I wasn’t the one who placed the auctions. They reactivated my account, having me set a new password and they cleaned out everything the crooks may have done. I hope. ebay support says that the PayPal account for the auctions wasn’t my PayPal account, which for all I know may have been what tipped off security.
I think I was lucky. Looks like the thieves were looking for the easy score of the “Buy It Now” listing which they could only get from an account with some feedback history. I first registered for ebay in March 1999 and have a 91 100% positive feedback rating. I also don’t use the account that often, another factor that may have made it an easy target.
I would just like to know how it happened. I’m assuming that because I had a relatively weak password (stupid, I know) they somehow guessed in. I don’t use that password anywhere else. In fact, for the last few months I’ve been using the outstanding 1Password to make sure my passwords are strong and not easily guessed for sites that have personal/financial information. I know they didn’t get my login information from a phish, and I don’t think my email has been compromised.
20 years online and this is the first time this has happened to me. I hope it’s the last.