I am writing this guide because I recently experienced the effect of having your Ebay account used by a third party without your consent.
I thought I was updated on phising and spoof e-mails. I even did the tutorial on spoofs and phising e-mails. Passed with flying colors aswell. So that meant I was fully aware and I would notice a fake e-mail when I saw one. No such thing.
I was caught of guard when I recieved a message from another member saying they are interested in my item but saw another one just like mine. Link underneath the message. Without thinking I clicked the link. An official looking Ebay page came up and I had to fill in my details again. I did all of that without any bells going of. Sometimes you will get signed out of Ebay and you have to fill in details again. Didn't get anywhere when I filled out my details so I assumed it was a glitch in the program and forgot all about it.
Carried on as usual for days until I got the message from Ebay saying my account was used by a third party that day and they send out e-mails to other members in my name. I was in total shock. I didn't even notice it.
I followed all the steps Ebay suggested in a e-mail. I had to change all my passwords to Ebay, hotmail and Paypal. The biggest concern was Paypal for me. I verified my account with Paypal and that meant people could actually access my bank account. Called my bank and they blocked my card straight away. Luckily for me I use different passwords for every online account or e-mail address. So no harm was done except I had to wait for another card to come through and learn yet another pin code.
I contacted Ebay to see whether any off the affected Ebay members would be made aware of the fact the message they were send was a spoof e-mail. Ebay did assure me that was the case. Turned out they either missed a few members or these members didn't read the mail they got from Ebay. I was flooded the next day with messages from members wondering what I was sending them and what the reason was behind them. I informed the members that my account was misused by a third party and they sent unautohorised e-mails in my name. I also included not to click the link and if they did and filled out details please change them immediately. After the 5th message I recieved from an affected member I decided to mail all the recipients this tird party had send a message to and warn them just in case they missed the e-mail from Ebay or didn't get one. That was a good plan but it didn't work. I exceeded my limit on sending messages because of the amount of messages been send that day. I couldn't even warn them unless they contacted me first.
Most of them reacted with understanding and most of them were also smart enough to not click the link in the first place. But the odd one did and had to change everything too.
Everything is back to normal now but it did frighten me a lot. One moment of unawareness causing this much trouble. I am still very weary when I sign in to Ebay. I downloaded their Ebay account guard tool bar so I can see whether I entered a phising site or not. It did put me at ease a bit but it will be a while before I completely enjoy Ebay again. It is very sad and disturbing hackers are constantly trying to make things difficult for the majority of honest people on Ebay and everywhere online. Unfortunately it is a fact of life and you need to be constantly aware those hackers are out there. Waiting for you to mess up.
If I can get anything through to people it is please stay aware. Don't click links and fill out you details if you are not 100% sure what it is. Copy and paste in a new window and see where the link is taking you if you have to. Report the link if you think it is a phising link. Better safe than sorry. Don't just assume because a message comes from another member it is safe.
Here are some helpful links from Ebay pages.
On account theft and spoof mails
Link to the account guard tool bar
Hope this guide helps somebody. It seems almost worth going to all the hassle if it does.