There’s been a recent uptick of hacked, hijacked accounts on ebaY, and as usual they’re not doing too well protecting the community and certainly not the victims.
The modus operandi is the same as it has been for years; hackers gain control of an account and place images within the listing advising offsite transactions. Usually they will make everything look ‘official’ by purporting to be working with ebay’s protection department or similar phrases. This is also known as Account Take Over or ATO.
This weekend we have a some representative victims, one, anitahaveit2 (13383) is a shooting star level powerseller, the other gangsu2007 (111), a small seller. There could be any number of more victims and fraud listings. That’s one advantage of having 190 million + listings on the site. It makes the fraud harder for people to spot.
Note the items listed on both the hijacked accounts are identical. Also note the image containing the bogus instructions in gangsu2007’s listings purport ebaY Buyer Protection. Rest assured if you fall for the scam, you will not be protected. Rather, ebay will make the listing vanish, claim it was never on their site, and that you conducted a transaction outside ebaY, and therefore you are not eligible for any protection.
(images open full size in new tab or window)
Now as to how the hackers gained access to the accounts, phishing or other similar trickery may possibly explain that, however, as has been continually pointed out, phishing does not explain how hackers are able to bypass the fraud filters, seller limits, limits for high fraud rate categories, dollar amount and/or brand name limits and a whole host of others, even secret ones, which the ebaY seller community has experienced.
So far as I can tell, there are only two plausible explanations for this long recurring phenomena; One, ebay is hacked, or two, the hackers have insider assistance. If anyone is aware of other possibilities, comments are open.
On ebaY’s Trust and Safety forum these incidents have been reported and it’s very telling. One thing which may escape the reporting parties is that they will likely be repaid for their efforts to protect the ebaY community or ebaY’s virtue with stalking, drive-by character assassination, various social engineering ploys or attempts (LoLz!) Perhaps even a DdoS attack should they happen to open any webpages exposing sleazebay. I’ve watched, and lived through many such events.
The very best course of action is to not complain to ebaY. Instead focus your effort upon persuading others to never use the site. Not ebaY, not Paypal, not any site owned by or connected to them.
But the fact remains that some of us have been warning and/or educating people for years- literally. The good shepard ebay is still sending it’s flock to the good butcher, and still doesn’t care to do anything but bury the fraud, belittle or harass those who dare expose them.
For those intent on staying even as the site is more unsafe now than ever before , guess someone should have listened, eh? Are you listening now?
You could learn alot from some dummies.
This ^ is for anyone who has ever criticized or exposed ebaY and felt their wrath.
Don’t worry. We shall be Vindicated. ;p