Beware New Phishing Scam via the eBay Message System

Views 15 Likes Comments Comment
Like if this guide is helpful
Beware New Phishing Scam via  the eBay Message System -
Similar Item Auction Reports from Fellow eBay Members
There is a new type of "phishing", by what appear to be bona fide eBay members via the eBay message system.

What Typically Happens?
Another eBay member contacts you through the "eBay Message System", this is a new web-based message system that eBay introduced within the past year, as it would be more secure than using e-mails.
Because it comes through the eBay system, and because it comes from another member, whose feedback, Member Profile, and User ID can all be viewed, and who appears to be quite respectable, there is a danger that you might drop your guard for a moment, click the link, and enter your user ID and password.
Within a short time, probably minutes or even seconds, your account will be hijacked.
At this stage there is nothing you can do about it quickly and effectively. Sure, if you realise you are being scammed, you can and should report it to eBay, but their responses are sooooo slowwww, World War III could start and end before they get around to taking action. When they do, they will suspend your account, and make you go through an online security awareness course before you can restart using your account. You will probably find that your ID has been changed, and although you can change it back, it will still show the scammers chosen ID on your ID record for ever.

What Can You Do To Protect Yourself?
Be vigilant
Don't automatically trust messages which come via the eBay system.
Report the phishing attempt, but don't be surprised if the response you get from eBay sounds dumb, as it probably will be.
You will probably get a response from eBay asking you to send the e-mail header, even though you have reported an eBay message system message, not an e-mail.
We recommend you keep a copy of the original message, your report to eBay, their responses, etc.
You may also try reporting it to your local police or other local law enforcement agency. You will probably not get any positive action, but then again you never know.
You could try sending a copy of all the correspondence to your local or other media, as they may be interested in knowing what action, if any, eBay take about the attempted fraud attempt. This is probably the best way to get eBay to take these matters seriously.

eBay Inaction
We may sound rather sceptical about eBay's safety and security policies, and there is good reason for this. We have reported attempted scams and frauds numerous times over the years, and in almost every case, we never fail to be amazed at how little eBay do about them, and how slowly they act. It also tends to be quite difficult to report the problems. For example, when reporting the above two phishing attempts, we found there was no "report phishing attempt" option in the reporting procedure, which is why we chose to use a report suspicious e-mail option instead.


Examples
Partly as an experiment, we will give the user IDs of any members using this technique. We believe eBay discourage this in their Guides, but as each member was making clear and indisputable phishing attempts, we believe it is correct to "name and shame" them.
Any readers of this guide can also use eBay's "Find a Member" facility (via Search - Advanced Search), and see whether eBay close their accounts, and how long it takes them.

Member Profile for sandwich_board
We note there are 23 "no longer a registered user" sellers amongst his 105 feedbacks. This would appear to us to be a suspiciously high number.
Our suspicion is that his membership is a "front" used to send phishing emails.

horacio.e
Member Profile for horacio.e

tfbasic   
Member Profile for tfbasic

w_p
Member Profile for w_p

erinlovesnick!
Member Profile for erinlovesnick!

djec1968
Member Profile for djec1968

Keep Watch
It will be interesting to watch these accounts, and see whether eBay remove them, and how long it takes. eBay make a lot of noise about protecting their users, but in practice, it is quite hard work to report suspected fraudsters, only to find that eBay take very little action. We mention this fact not to knock eBay but to attempt to spur them into action.

Two Identical Questions?
For our item:
2006 China Gold One Ounce Panda 500 Yuan Renminbi Mint  (160094529445)

We received 2 questions which were identical except for the member IDs:

Hello, My name is Glenna Tillson. I just saw this item of yours and I remember seeing the same item two days ago, take a look:
http://3392319564/ebay/?ws/eBayISAPI.dll?ViewItem&item=200085847636
From: phoenix-dancer (1)

Hello, My name is Kylee Throckmorton. I just saw this item of yours and I remember seeing the same item two days ago, take a look: (aitch te tee pee) http://3392319564/ebay/?ws/eBayISAPI.dll?ViewItem&item=200085847636
From: hill88600 (85)

We strongly suggest you do not even try either of these two links!

What goes on?
The simple answer is that we don't know. Whether eBay knows and is not telling, we also do not know. The responses we got from eBay were so pathetic, we have not even bothered yet to report the latest two phishing attempts, and there lies a great danger for eBay and its members. If members get used to eBay inaction and incompetence, members will stop reporting spoofs, phishing attempts, fraudulent listings, and other undesirable events. From then on, eBay could spiral down out of control.

Three Possibilities
Trying to answer our own question above, we can think of three different scenarios.
1)   The members asking the questions are party to the phishing attempts, possibly paid a commission for each result.
2)   The members asking the questions have had their accounts taken over (hi-jacked), and it is the crooks who are operating them.
3)   The crooks have a way of hacking into eBay's servers, and sending out questions using random, but real user IDs.
We have seen an article in "The Register" which seemed to suggest that the last case is the actual one, but the article failed to explain sufficiently how it was happening. One thing it did make clear is that eBay appear to be doing nothing about it, although for all we know they may be working desperately behind the scenes to solve the problem. Or it may be that they still have their head in the sand (or somewhere else) and have not yet realised the problem exists.

Was This Guide Useful?
If you found this guide interesting, informative or useful, please spare few seconds of your time to vote for it by clicking on the "Yes" button below, thanks.

Other Guides
You may be interested in viewing our other guides:-

CGT Capital Gains Tax Exemption on Gold Sovereigns Britannias UK Coins

How to Photograph Coins - Advice, hints, tips & more...

1780 Maria Theresa Silver Thaler Restrike Trade Coin

Krugerrand - One Ounce Investment Gold Coin

Buffalo - 9999 Fine Gold US Bullion Coin - 24 Karat Au

Pink Diamonds - One of Nature's Rarest Gemstones

Sniping - Is It Good Strategy or Tactics for Winning eBay Auctions?

£2 Two Pound Coins Queen with Necklace Rumour & Facts

Winning Auctions - Or Spending Money?

Definition of Investment - VAT Exempt (Tax Free) in UK & EU

Second Chance Offers on eBay - Should You Use Them?

Spellings - Is Good Spelling Important - A Few Howlers

Famous People (Celebrities) Who Collected Coins

Heads Upside Down on Coins - Medal & Coin Alignment

Identifying Coins, A Brief Guide to Help Identify Coins

BNTA - The British Numismatic Trade Association

Gold Coins Which Are Not Gold - Including German & € Euros

Postage Packing Shipping Insurance Charges - Fair or Excessive?

The Difference Between Proof and Uncirculated Coins

London Gold Fixing Price

Gold Bullion Bars For Investment

Author & Copyright Notice
This page was written by Lawrence Chard of Chard Coins

Have something to share, create your own guide... Write a guide
Explore more guides