Click here to see the entire listing in a new tab or window.
I see the hackers are not sitting this Holiday season out. Last night I found that ebaY shooting star level seller munchkinscakes08 (40878) was hijacked, and some 300 or so fake listings placed into their seller’s list. This particular model guitar (if not identical photos etc) has long been a popular bait for the hijackers. You would think that ebaY would be on the lookout for it, eh?
Once again the items included high end goods across the panorama of musical instruments, sporting goods, electronics, industrial, collectibles and more. As I post this, their account shows one last obvious fraud listing for a camera lens.
Another thing to consider here is that the seller and others hijacked will likely receive invoices for items which ebaY knows full well were fraudulent.
How the hackers acquired the password to the account is one thing. How they can list all this is high-fraud category [fake] merchandise is quite another. Thus I contend that ebaY is hacked!. Other sellers do not have the ability to list such items unfettered and unrestrained. The items were all added within about 20 minutes. Other sellers wishing to list in certain categories are subject to delays, additional verification etc.
Ebay enacted limits on sellers, along with the once highly touted “proactive fraud filters” from years past. Clearly the hijackers were able to bypass all those filters. As they always have been. Either ebaY is hacked or the hijackers have insider assistance. I can think of no other plausible conclusions. Can you?
The Modus Operandi is the same as observed in the past. The hijacker inserts an image with instructions and an email contact address for a quick deal. A deal which is always too good to be true. (Much like ebaY in general)
From there the scam can take any number of turns, such as a request to pay via fake, yet official looking ebaY invoices for payment through other money transmitter services, or even more troubling, payment requests to commercially sold fake paypal accounts. (paypal accounts which are in good standing, but registered to fake personae. Also known as “stealth” accounts)
Ebay will remove the item from their site, *poof*, then claim it never existed, and therefore the victim is not entitled to ebaY’s so-called “rock solid guarantee” of Buyer Protection.
click to enlarge images, open in new tab or window
After I made a few screencaptures, I searched the term for the Ouija guitar again and found more listed on other accounts. I also found other things which I had no idea the hackers would use as bait, nor of the value of the items, such as this vintage Barbie Doll listed on the account of ks3311
The more I searched the more I found. It was an ever increasing radius of fraudulent listings and hijacked sellers. Too much for one human being to keep up with. But it’s revealing that ebaY bots can invade the ebaY message system to detect supposed attempts to communicate about conducting transactions off ebay for rank and file ebaY members whom are engaged in the normal course of business, but they cannot stop these listings.
There are many many more hijacked listings over there right now. My advice is to avoid ebaY and find somewhere else to do your Holiday (and other) shopping which doesn’t have these persistent [non] security issues.
I’ve documented these types of account take overs for literally years now. I can say there has been zero improvement regarding this issue since way back when. Click the youtube Cappnonymous channel link on the right to see more examples.
It seems there must be some sort of zombie infestation with ebaY servers again, as undead hackers struck shooting star level sellers again. Yesterday’s victim was, … well they started the day as hankiesandmore, with feedback of 19058, and finished it as collectorsshopwithme. They still run the hankiesandmore store. I bet that was fun
Here’s a couple screencaptures, one showing the element properties of the image embedded in the hijacked listings, the other is thier seller list from the Musical Instruments category. You’ll notice there is our same ol’ friend, the signed First Run ESP Kirk Hammett Ouija Guitar, very same images and all. LoL! How could ebay let that one get through so many times? You don’t need to be psychic to know. ;p
One thing people need to understand is that ebaY is sending out invoices for these hijackings, despite the fact that they are full well aware the accounts were hacked/hijacked, and or taken over. They also use strongarm and unscrupulous methods to collect, or attempt to. Here is one such example:
EBay stole money from me stating it was “seller fees” I’ve never sold anything on EBay. Took a month to have the funds returned (I’m still waiting.) and no less than 12h on the phone with EBay a truly horrid support experience. On the phone I was well assured by several people that since EBay was at fault the large over draft fees caused when they took the money from my account without my permission over drafted my account and bounced my bills. Now they write that they will not pay for the damage they caused by their theft of my funds. They said I need to have the bank return that amount. The bank didn’t do anything wrong, EBay over drafted the account. I suppose I will be eating all of the fees that EBay caused by stealing from me. Merry Christmas EBay, would you like to explain to my children that there will be far less under the tree this year because EBay stole from us.