Question:
He may – may – have tried to open my ebay account since he could have clicked the drop-down for ebay and not noticed it dropped down to my account. That could have triggered something. Ya think?
I don’t think so. If that were the case, then anytime I mistype my password I should be getting an email from eBay? — Ty Who is mostly just a slightly skewed Donna Reed A patriot must always be ready to defend his country against his government. –Edward Abbey
Response:
That’s what I don’t get either. Tony went separately to the eBay pages and logged in, like he should. Was he already compromised? Was the email legit?
I think the email was legit. All phish emails have to contain a link to work. ef
Response:
What really confuses me is that I never opened any link in the bogus email. There was no link. Give me a little credit here….I’ve been doing this long enough never to click a link in a doubtful email.
I used to handle this sort of problem when I worked for AOL. I’m *real* familiar with what not to do. And last year I got a very simple sounding phish about a TOS violation on AOL and in a moment of distraction clicked the link and logged in. Realized about 1.3 seconds later what I’d done, backed out, and immediately changed passwords. It happens, even to folks who know better. — Ty Who is mostly just a slightly skewed Donna Reed A patriot must always be ready to defend his country against his government. –Edward Abbey
Response:
I’m not absolutely sure that the bogus email caused the problem.
What makes you say the e-mail was bogus? It seems to me that it was legit. It told you that your password had been changed and this turned out to be true. When your password is changed, eBay always sends you an e-mail, so if you didn’t get another one then this must have been it. Obviously something strange happened but it seems that this e-mail was the result, not the cause.
Response:
He may – may – have tried to open my ebay account since he could have clicked the drop-down for ebay and not noticed it dropped down to my account. That could have triggered something.
Ya think?
Response:
Tony went separately to the eBay pages and logged in, like he should. Was he already compromised? Was the email legit?
:::cue organ music::: Tune in tomorrow for the next episode of "Days of Our eBay". Brought to you by Trix. Trix are for kids. Loren
Response:
Brought to you by Trix. Trix are for kids.
They are what my sister had to turn to support us after mom and dad tossed us out over the sax and drum playing.
Response:
Brought to you by Trix. Trix are for kids. They are what my sister had to turn to support us after mom and dad tossed us out over the sax and drum playing.
Did she use her Lucky Charms? I’ve heard they’re magically delicious. Loren
Response:
Did she use her Lucky Charms? I’ve heard they’re magically delicious.
She went under the nickname KFC for a while because it is, well, you know.
Response:
Which indicates either the letter is legit or someone has snarfed your account. Same thing, no? The letter says "someone has snarfed your account."
Uh, yeah. Which is pretty much the point I was making. — Ty Who is mostly just a slightly skewed Donna Reed A patriot must always be ready to defend his country against his government. –Edward Abbey
Response:
Which indicates either the letter is legit or someone has snarfed your account.
Same thing, no? The letter says "someone has snarfed your account." Go to http://eBay.com If you can’t log in, use the forgotten password routine. If you don’t get the forgotten password e-mail, contact Live Help. That’s the process in any case — the question of whether the e-mail is legit or not may be a clue as to what happened here but it is irrelevant to what you should do.
Response:
What I don’t understand is that I didn’t log in from the email. There was no link. I logged in separately. How would a phisher make the jump? That’s the part that’s new to me.
That’s what I don’t get either. Tony went separately to the eBay pages and logged in, like he should. Was he already compromised? Was the email legit? Lumpy — In Your Ears for 40 Years http://www.lumpymusic.com
Response:
OK, this is a reply to all. First, I have contacted eBay, PayPal, my email account, and everyone else and changed all passwords. Everything’s working fine. No noticeable activity in any area, but it’s been a somewhat nerve-wracking process. I’m not going to post the headers here because I’ve deleted the "phish" message and I never did open it anyway. I just viewed it in the preview pane. If I hadn’t deleted it, I still wouldn’t open it to show the headers. What really confuses me is that I never opened any link in the bogus email. There was no link. Give me a little credit here….I’ve been doing this long enough never to click a link in a doubtful email. I’ve received emails from members of *this* group with links to a photo or something. I even double-check those emails to verify that I think it’s from who it says it’s from. All incoming mail is scanned by both Earthlink and by Norton Anti-Virus. I have a firewall. I’m not absolutely sure that the bogus email caused the problem. It could have been a glitch that was coincidental with the email. My son was over last night and used my computer to access his ebay account. His account worked fine. He may – may – have tried to open my ebay account since he could have clicked the drop-down for ebay and not noticed it dropped down to my account. That could have triggered something. If it was a "phish", I’m impressed. If the phisher technology has improved to the point where they can penetrate an account without using fake links, they’re pretty smart people. What I have trouble understanding is that someone can be this clever and not figure out how to use that technological skill to create some legitimate program that could make them far more money with less activity on their part. Yes, they are crooks. Still, you have to admit that they employ some impressive skills. A second observation: I contacted ebay live help to have them check out the account and help me change the password. I couldn’t get into the account to change my own password since everything came up "invalid". Live help had a waiting time of about five minutes. The help was quick, effective, understandable, and worked just fine. They assigned a new password (which I later went in an changed to one of my choice) and did the whole think in a matter of minutes. Knock eBay all you want for their inefficiencies, but they do do some things right. My son is pleased too. He won his bid on a power tool and saved about $100 (including shipping and including what he would have paid in sales tax) from a vendor that he’s dealt with before. A PowerSeller, by the way. A PowerSeller that some months ago sent him a replacement tool and credited him with the return shipping costs. A PowerSeller that responded to email within hours. Everyone rants on and on about the problems, but the system does work most of the time. We just notice the problems and take the good stuff without thinking about it. — Tony Cooper Orlando FL
Response:
Damn, I thought I’d seen everything, but this is new. I received the following: In every email software I’ve ever seen, you could have spent .8 seconds looking at the headers and been able to determine that this email did not come from eBay. But instead, it sounds like when you tried to log in you gave someone who is not eBay your username and password. That’s not a "new" phish, it’s how it’s worked from the beginning.
What I don’t understand is that I didn’t log in from the email. There was no link. I logged in separately. How would a phisher make the jump? That’s the part that’s new to me. — Tony Cooper Orlando FL
Response:
– Hide quoted text — Show quoted text – Damn, I thought I’d seen everything, but this is new. I received the following: In every email software I’ve ever seen, you could have spent .8 seconds looking at the headers and been able to determine that this email did not come from eBay. But instead, it sounds like when you tried to log in you gave someone who is not eBay your username and password. That’s not a "new" phish, it’s how it’s worked from the beginning. What I don’t understand is that I didn’t log in from the email. There was no link. I logged in separately. How would a phisher make the jump? That’s the part that’s new to me.
Post the headers.
Response:
– Hide quoted text — Show quoted text – Damn, I thought I’d seen everything, but this is new. I received the following: In every email software I’ve ever seen, you could have spent .8 seconds looking at the headers and been able to determine that this email did not come from eBay. But instead, it sounds like when you tried to log in you gave someone who is not eBay your username and password. That’s not a "new" phish, it’s how it’s worked from the beginning. What I don’t understand is that I didn’t log in from the email. There was no link. I logged in separately. How would a phisher make the jump? That’s the part that’s new to me.
If you typed in the ebay.com address, then attempted to log in using your usual user name and password, and THEN got an invalid info response, it sounds to me as if your password has indeed been changed. Which indicates either the letter is legit or someone has snarfed your account. What do the headers on the email indicate? — Ty Who is mostly just a slightly skewed Donna Reed A patriot must always be ready to defend his country against his government. –Edward Abbey
Response:
Damn, I thought I’d seen everything, but this is new. I received the following:
In every email software I’ve ever seen, you could have spent .8 seconds looking at the headers and been able to determine that this email did not come from eBay. But instead, it sounds like when you tried to log in you gave someone who is not eBay your username and password. That’s not a "new" phish, it’s how it’s worked from the beginning.
Response:
When I try to log in, I *do* get "information not valid"
And why would they tell you anything other than that? jim menning
Response:
When I try to log in, I *do* get "information not valid" And why would they tell you anything other than that?
If there’s an answer to my question there, I don’t see it. — Tony Cooper Orlando FL
Response:
– Hide quoted text — Show quoted text – When I try to log in, I *do* get "information not valid" And why would they tell you anything other than that? If there’s an answer to my question there, I don’t see it. — Tony Cooper Orlando FL
Simple. They collected your username and password with an ‘invalid’ message chaser. You’ve been had. And people wonder why phishers DON’T DIE!!!
Response:
Damn, I thought I’d seen everything, but this is new. I received the following: (addressed to my correct eBay id) In order to protect the security of your eBay account, we have reset your password and secret question. This action was taken because your password may have been compromised. Sometimes this happens when members respond to an email asking for personal information. Although those emails appear to come from eBay, they are really sent by people attempting to gain access to your account. We appreciate your cooperation in working with us to protect your account by taking the following steps. Since your password was reset, you will need to create a new password by following the instructions provided below. Until you complete this process, you will not be able to bid on or list an item. 1. Click on the "site map" link at the top of most eBay pages. 2. Click on the "I forgot my password" link located in the middle column under the
If you like this post and would like to receive updates from this blog, please subscribe our feed.