Tuesday, March 27, 2007

My eBay account got hacked today

Some of the emails I got after eBay detected fraud on my account and rolled it back

I got an email at 10.45 am from eBay this morning saying my account password had changed. I actually took this seriously and I examined the email to see if it was phishing. It did contain both my eBay account name and my real name. But when I went to the eBay website and checked my account it seemed that my email address was unchanged. I decided to ignore it. I got the same email again at 10.46 and 10.59. I ignored these later emails.

At 1.18 pm I got an email with subject ‘A26 TKO NOTICE: Restored Account’. EBay had rolled my account back to its previous state. I was then able to reset my password. When I was at home I was able to fully restore my account by clicking on links that caused me to get a computer phone message on my home phone.

I had definitely not fallen for any scams so my account was broken in some way. I had a not stupid but not particularly good password. I now have a much better password.

The scammers had used my account to list about 30 items for sale, and to bid on about 20 others. They wouldn’t have been able to use my credit card as that is behind a different (PayPal) password. Why then did they use my account to bid for things? I’m not sure, though there are all sorts of tricks people pull with canceled bids. Perhaps they aim to make money with the sales and the bids are just a smokescreen.

So what did I learn? Well, it is worth having a strong password. It is worth paying attention to emails from eBay, especially if they are about a change of email address. I was impressed with the way eBay handled things. I don’t know how they detected the fraud, but they were able to deal with it with automated systems. Calling a home number is a clever touch.
