EBAY NIGHTMARE TODAY

[HEMIPHIL]

Has This Ever Happened To You?

This will be my first & last problem with Ebay...no more, from now on it's BST on GolfWRX. I know there are risks everywhere, but I dought what happened to me today would ever happen here...hopefully not anyway. I had a set of 2006 Taylormade Rac TP MB's (4-PW) & 2 TM Rac Black TP Wedges up for auction ending today. They ended at a total of $610.00 US. I have Apollo Hump Shafts in them frequency @300 cpm's...anyway I was also offering the winning bidder the original Rifle Flighted 5.5's & 2 Project X 5.5's for the Wedges, because the Apollo's are parallel tip, and I wanted whoever got them to have the option of putting the taper tip's back in if they so desired. I was even including 9 brass shim's. The whole set is gripped with GolfPride Red Multi Compounds, even the extra shafts were all gripped up & ready to go with the same grips. Everything matched nice. I was also going to have them bent to the winner's spec's!! ;) It's all good right? WRONG!! Here's where it get's weird...auction ends...no problem. I send winning bidder the bill for the total $610.00 + $30.00 S&H. I then proceed to send him a quick message telling him when I was planning to ship them, and for him to send me his spec's, so I could get the clubs bumped for him. After that I decide to check his feedback...WOW...94.3% a whole bunch of negative feedback...the very first one I saw was SELLER BEWARE!! Well how am I supposed to stop someone with that crappy feedback from bidding. I had all the possible blocks Ebay supplies on. So I flip back to "MyeBay", and to my suprise, and utter shock... :D **I'VE BEEN HACKED** Someone was using my Ebay ID to purchase anything, and everything!!! In less than 1 hour someone using my ID had purchased about 85 items!!! So, I'm not the most computer savvy, but I do okay. So I get in touch with Ebay Live Help...They did a great job for me. I guess they cancelled all the auctions the A**hole who was using my ID bid on...so there are some people really mad at me right now I guess. So my clubs end up not getting sold, and about 85 other peoples' items didn't either. I can't even imagine where my Feedback Score will wind up?? I think it's going right down the toilet :cheesy: ...I was proud of my 100%. I had to change so many password & e-mail links, and such it was a bit hectic. So here I am....non-computer geek :) trying to get hooked up with the Live Support...all the while illegal purchases without my concent are continuing...talk about panic. Well that's about it...Ebay support said that if I do ( and I will ) get negative feedback they can delete it , and keep my good standing. I just thought I'd give my fellow GolfWRX members a heads up. I even got locked out of my Yahoo Mail? I had to create a new account. What a pain!!! I think the buyer name was JAKEGHRIMM in Phoenix AZ, or something along those lines...I deleted the one message I had in "MyEbay"...my bad...and I think I had 2 in my Yahoo Mail I got blocked out of. I'm so disillusioned...I think I'm going to turn my computer off now, everyone had a nice evening......later......Phil.
Sorry for the length of this post. :alcoholic:

[littlepingman]

:)

 

Should have used GolfWRX B/S/T, Phil!!!

 

 

Nah. All joking aside, that is one hell of a horror story. I have already backed off of selling there after my recent headcover incident. I will still search out the deals on eBay, but I agree that it sucks having no control over who is doing the bidding and buying.

 

Good luck, and I hope everything works out for the good. :D

[stevestrike]

OK, wait... so you're the dummy who got a computer virus, or fell for a phishing scam, and you're blaming eBay and this buyer?

 

Secondly, as far as eBay goes, there IS an option to block any bidder you want, and even cancel bids from bad buyers.

 

Still, this is nothing but your own fault, I don't see how you can come here and blame anyone else.

[TM golf guy]

That happened at a golf shop I used to work in. My boss mistakingly filled out one of those stupid emails and our account got hacked. It takes so long to get in touch with those eBay live help people. Stuff like that is unfortunately becoming more common on eBay. Good luck Phil.

[kgk]

OK, wait... so you're the dummy who got a computer virus, or fell for a phishing scam, and you're blaming eBay and this buyer?

 

Secondly, as far as eBay goes, there IS an option to block any bidder you want, and even cancel bids from bad buyers.

 

Still, this is nothing but your own fault, I don't see how you can come here and blame anyone else.

 

I don't think that's fair. It's not his fault that people on the Internet are looking to use you. It's no more his fault than if someone breaks into his house, steals his credit cards, and runs around town buying stuff.

 

Now that said, I'm also under the impression that many eBay hacks still rely on dictionary sort of password cracks. It's possible the only thing he did wrong is to have a weak password.

[AcesAZ]

OK, wait... so you're the dummy who got a computer virus, or fell for a phishing scam, and you're blaming eBay and this buyer?

 

Secondly, as far as eBay goes, there IS an option to block any bidder you want, and even cancel bids from bad buyers.

 

Still, this is nothing but your own fault, I don't see how you can come here and blame anyone else.

 

I had my account hacked a few years back. Don't even know how they did it but I do not answer anything outside of Ebay. Make sure to only answer e-mails through My Messages on the MY Ebay page.

[kgk]

That happened at a golf shop I used to work in. My boss mistakingly filled out one of those stupid emails and our account got hacked. It takes so long to get in touch with those eBay live help people. Stuff like that is unfortunately becoming more common on eBay. Good luck Phil.

 

Unfortunately, it's common everywhere on the Internet. Banks, credit cards, auction sites, Paypal, etc. Someone, somewhere on the Internet is trying to spoof basically every useful thing on the web.

[CooGAR]

No offense to GolfWRX BST, but it's not like it doesn't have it's problems. I bought 4 doz. Titleist Pro-V1x from a seller and it took me MONTHS to get the golf balls from him......and I feel VERY LUCKY I got them!

 

Look. The world is full of jerks and 20-somethings that get their rocks off by messing with people. You were just unfortunate to run into one of the jerks. I wouldn't let what happened keep you from buying and selling on EBAY.

[littlepingman]

No offense to GolfWRX BST, but it's not like it doesn't have it's problems. I bought 4 doz. Titleist Pro-V1x from a seller and it took me MONTHS to get the golf balls from him......and I feel VERY LUCKY I got them!

 

Look. The world is full of jerks and 20-somethings that get their rocks off by messing with people. You were just unfortunate to run into one of the jerks. I wouldn't let what happened keep you from buying and selling on EBAY.

 

Did you make sure to leave negative feedback so that future GolfWRX members will know to be cautious of this seller?

[stevestrike]

I don't think that's fair. It's not his fault that people on the Internet are looking to use you. It's no more his fault than if someone breaks into his house, steals his credit cards, and runs around town buying stuff.

Yeah, except that if someone breaks into your house it's not your fault. But in this case, he did something to either give out his password, or to make his computer insecure. There is nothing a "computer hacker" can do that you haven't allowed them to do by mistake of not having your security setup properly. Would you feel the same if his house was robbed, but he left the front door wide open, and in a bad neighborhood? That's what this amounts to.

 

Look, all I'm saying is that since there are so many bad guys waiting to take advantage of you, you need to be certain that you are protected. If you cannot do this yourself, hire a professional. Especially if you are going to be doing online banking, eBay, or other sensitive transactions. This is 2007 right? Lock the proverbial door, people.

[stevestrike]

My Ebay account gets hacked into on a monthly basis. Ebay is alway ending listings I never posted on my account.

YOU probably have a password stealing trojan. Have your computer examined by a professional right away.

[HEMIPHIL]

OK, wait... so you're the dummy who got a computer virus, or fell for a phishing scam, and you're blaming eBay and this buyer?

 

Secondly, as far as eBay goes, there IS an option to block any bidder you want, and even cancel bids from bad buyers.

 

Still, this is nothing but your own fault, I don't see how you can come here and blame anyone else.

 

Firstly there Steve O...I'm no dummy. Not being super computer savvy is another thing. I think I do okay...but that's not the point. I'm not blaming Ebay, or the buyer. Hell, the buyer's ID was probably hacked. Didn't you read what I wrote. I had an auction running, and everything seemed normal. How was I supposed to know something like that was going to happen???? As for blocking the bidder, this guy hit my auction with about 4 seconds left. I had restriction boxes checked off blocking certain bidders. Can't block what you can't see!! Like I said before it wasn't long before someone was buying things under my ID. As for a Virus...I doubt it. I just got my computer cleaned up a couple weeks ago. Clean bill of health. I didn't fall for any scam's...I haven't been solicited for anything. I've owned a computer long enough to know what's what. My passwords my have been compromised? I don't know. So there you go...you shouldn't call someone dumb that you don't even know...that's just being ignorant dude. :D

So just exactly how is this my fault there Steve O???

[Samsquanch]

If I knew the guy I'd make sure to punch him in the face.

[mat562]

I haven't got a clue how to set up my computer to prevent my system being hacked. I'm not particularly computer-literate. Not stupid.

 

I deal with people every week who have had their high performance or prestige cars stolen through car key burglaries. My opening gambit isn't 'how have you let this happen you idiot? You must have left your keys accessable/on view/not got a proper lock on your door etc.'

 

Theft is theft. Same as hacking someone's details. Bottom line is you shouldn't do it, and those that do are thieving scum. Even if I leave my doors and windows wide open and put a sign outside saying 'We've gone out, help yourselves...' some thieving toerag has still got to walk in and help himself...

 

Crime prevention is all well and good; but the ones to blame are the thieves, not the man who doesn't lock his door.

[HEMIPHIL]

Did you make sure to leave negative feedback so that future GolfWRX members will know to be cautious of this seller?

 

Hey Chris...No my auction got blown away...it didn't even come up under the "not sold", you know just under "selling" & "sold". I got about 8 emails saying my clubs didn't sell & another 8 offering a second chance to people who had previously bid?? Man...it was bad. It was like there's this guy offering up my sticks to previous bidders at different amounts, at least it looked that way from what I saw.

[stevestrike]

Hell, the buyer's ID was probably hacked.

It doesn't work like that.

 

As for a Virus...I doubt it. I just got my computer cleaned up a couple weeks ago. Clean bill of health. I didn't fall for any scam's...I haven't been solicited for anything. I've owned a computer long enough to know what's what. My passwords my have been compromised? I don't know.

Just because you're computer was clean yesterday, doesn't mean anything for today. All it takes is visiting one bad website, or opening one infected email and it's over--you've lost the computer to the bad guys. It also doesn't mean the company who "cleaned" it did it properly. I see what you are saying--that you did your part--but this kind of stuff doesn't just "happen". I guess I'm warning you more than anything. Good luck.

 

Lastly, I apologize for calling you names. That was very rude of me.

[HEMIPHIL]

Hell, the buyer's ID was probably hacked.

It doesn't work like that.

 

As for a Virus...I doubt it. I just got my computer cleaned up a couple weeks ago. Clean bill of health. I didn't fall for any scam's...I haven't been solicited for anything. I've owned a computer long enough to know what's what. My passwords my have been compromised? I don't know.

Just because you're computer was clean yesterday, doesn't mean anything for today. All it takes is visiting one bad website, or opening one infected email and it's over--you've lost the computer to the bad guys. It also doesn't mean the company who "cleaned" it did it properly. I see what you are saying--that you did your part--but this kind of stuff doesn't just "happen". I guess I'm warning you more than anything. Good luck.

 

Lastly, I apologize for calling you names. That was very rude of me.

 

Steve...apology accepted. I guess I'll have to upgrade a few of my defences, and get my computer checked again. I was only trying to inform people...that's all. It's unfortunate that things like this happen, but I will be shying away from ebay for a while. It was a very trying afternoon. The only bright spot for me today, was my Graman UL780 X "Limey" shaft was delivered this morning. It was purchased off ebay no problems. So there you go...

[Spoon]

I haven't got a clue how to set up my computer to prevent my system being hacked. I'm not particularly computer-literate. Not stupid.

 

im on the same boat. how exactly do i prevent this from happening to my ebay account? change passwords periodically?

[ezra76]

That sucks man. Mine got hacked once and I had a whole bunch of Ipod's for sale, lol. I'm pretty sure I got my email password stolen then the Ebay one wasn't too hard to figure out after that. Someone actually changed the password on my hotmail account and I can't even get into it. I changed my email, changed my password to more characters and changed everything with Paypal. I try not to leave more than a few dollars in Paypal and don't have it connected to anything. I opened the Paypal account and then closed the bank account it was connected to. Anyway, IMO a lot of $hit gets hacked through "free" email accounts. I would consider paying for a secure one if I had anything to really lose. Keep in touch with Ebay and good luck getting things straightened out.

 

BTW- a few years ago I recall a kid showing me some software he had. He could log peoples keystrokes simply by having their IP adress. So basically all he'd need is the IP and to have you log in somewhere on an insecure place, like a free email account and he'd have the password. Don't use the same password for email and secure accounts. I also never give my email adress to anyone on Ebay and took it down from my personal info on here.

[stevestrike]

ezra76 has the right idea. You cannot use the same password for all of your accounts, because this creates the domino effect. Once the thief gets your eBay info, now they have your PayPal info, and your hotmail info. They change the hotmail password, and then redirect the PayPal funds to go somewhere else besides you! You don't get notice about this, because you can't check your Hotmail anymore. As a consultant, here is some of the guidlines I share with my clients on passwords. #4 & 6 are probably the most relevant for you guys here.

 

What should I do to protect my passwords?

The most important thing to do to protect passwords is to use good passwords.

1. Long -- A good password should be at least eight characters long. The longer the better. Passwords shorter than eight characters are inadequate today.

2. Complex -- A good password should have a mix of all the four character types, uppercase and lowercase letters, numbers, and non-alphanumeric symbols. Preferably, all four should exist in a given password. Remember, any character on your keyboard is legal in a password. Using a pass phrase and interspersing it with randomly chosen characters and spaces considerably improves the strength of your password.

3. Changed frequently -- A poster from NativeIntelligence.com has a great phrase on it: "Passwords are like bubble gum; they are better when fresh." Passwords should be changed every 90-365 days, depending on the value of the asset they are protecting and the strength of the password. If you use eight-character passwords, 180 days is a reasonable change interval. If you use nine-character passwords today you can probably leave them valid for 360 days or even longer without a problem.

4. Used only in one place -- Reusing passwords significantly increases the exposure of the assets you are protecting with the passwords. Essentially, any given asset is only as secure as the least secure computer that protects that asset. When you reuse passwords the asset is only as secure as the least secure computer where you use that password.

5. Used only by one person -- Another characteristic that passwords borrow from bubble gum is that they are much better when used by a single person. If at all possible, each user on the computer should have their own account with their own password. This increases accountability and decreases exposure for the password.

6. Not typed on untrusted computers -- A password is only as secure as the computer or network it is used on. Keystroke loggers frequently target public kiosk-type computers, such as those used in Internet cafes, conferences, and hotel and airport lounges. The instant a password is typed on one of these computers fitted with a keystroke logger, the asset protected by the password is no longer secure. Keystroke loggers exist both in software and hardware form, and range from free for many software implementations to around $25 for a hardware version that sits between the keyboard and the computer capturing and storing everything that is typed. Some of the more sophisticated ones even have Web servers that enable an attacker to retrieve your password remotely across the Internet. It is good practice to view any public-use computer, or any private-use computer that has been physically insecure, as a compromised computer. Likewise, capturing passwords on wireless and public-access networks is extremely common. There are even underground sites that trade in these passwords.

 

Given all these requirements, and given the fact that we all have many different passwords, how are we to remember them all if they are all long, complex, only used once, and so on? Unfortunately, the security industry has for years perpetuated the notion that writing down passwords is a security breach. Nothing could be further from the truth. Writing down your password is an excellent idea as long as you adequately protect the medium you wrote it on! Doing so allows you to remember more and better passwords, thereby increasing security, not decreasing it. Of course, writing your password on a sticky note and posting it on the monitor leaves it vulnerable to the binocular attack, but if you write it on a sticky note and put it in your wallet it is fairly well protected. Software products for managing passwords abound. Most simply allow you to store a password that you create; many also will enter it for you automatically on a Web site. Some of the better ones will actually generate passwords for you, creating passwords that are much more complex than what the average human would create. There are some that create the passwords on the fly from known inputs and do not need to store anything. The basic idea behind these tools is that while you retain the ability to have a single secret that protects all computers the secret is not exposed on any of those computers.

 

EDIT: At minimum, make sure you have a good hardware firewall in place (a $30 NAT Router from a computer shop is fine), have the built-in Windows XP/Vista firewall turned on, and up-to-date Anti-virus software. A good, free for personal use one is AVG http://free.grisoft.com

[kgk]

ezra76 has the ...exposed on any of those computers.

 

Great post.

[HEMIPHIL]

That sucks man. Mine got hacked once and I had a whole bunch of Ipod's for sale, lol. I'm pretty sure I got my email password stolen then the Ebay one wasn't too hard to figure out after that. Someone actually changed the password on my hotmail account and I can't even get into it. I changed my email, changed my password to more characters and changed everything with Paypal. I try not to leave more than a few dollars in Paypal and don't have it connected to anything. I opened the Paypal account and then closed the bank account it was connected to. Anyway, IMO a lot of $hit gets hacked through "free" email accounts. I would consider paying for a secure one if I had anything to really lose. Keep in touch with Ebay and good luck getting things straightened out.

 

BTW- a few years ago I recall a kid showing me some software he had. He could log peoples keystrokes simply by having their IP adress. So basically all he'd need is the IP and to have you log in somewhere on an insecure place, like a free email account and he'd have the password. Don't use the same password for email and secure accounts. I also never give my email adress to anyone on Ebay and took it down from my personal info on here.

 

Thanks ezra76...It's all straightened up. My feedback is even intact...when I go into "My Ebay", other than the 4 alerts I have, which have all been acknowledged, everything looks as though nothing even took place. I've got a whole new email account. PayPal is fine, my bank is fine. I just talked to my "Computer Tech" & I gave him the run down of what happened, what steps I took, and how everything looks. He couldn't recall of anything like this before. I'm sure it's happened to others for sure. Anyway thanks to everyone who chimed in. It was appreciated....safeguard yourself the best you can.

 

Phil.

[wkuo3]

guys,

don't leave your computer online even if it goes into stand by mode.

Shut it down completely ( switch off the cable or DSL box also ) if you're going to bed or out of the house.

try not to use auto fill ( or remember the password ), I know it'll cost you some extra effor to log on and type in pass words, but this should minimize hijacking of yopur computer.

Do not use WIFI through public router ( Starbuck, work place.....)

[ezra76]

Thanks Stevestrike. I took some of your advice and just changed my email password from 6 to 11 characters and totally different from anything else.

 

I'm glad to hear things worked out for you Phil.

[HEMIPHIL]

EDIT: At minimum, make sure you have a good hardware firewall in place (a $30 NAT Router from a computer shop is fine), have the built-in Windows XP/Vista firewall turned on, and up-to-date Anti-virus software. A good, free for personal use one is AVG http://free.grisoft.com

 

Steve...thanks for all the info. I have the latest AVG. Just finished a scan & came up empty. Firewalls are up, Pop-up Blockers are up...password changed to 8+ characters.

Plus I have other security features my "Computer Tech" added on. I've got about 6 different things running. I don't know how much more ( there is probably a lot ) that you can do to protect your personal computer? Anyways...I guess you can never have too much protection.

[stevestrike]

We like to practice "skeptical computing". Treat your online experience as if you were in a bad part of town, at night, with a lot of cash on you. (Sad, but true)

 

If you want to learn more about how these programs operate and the methods they can use to infect you, I suggest you start here: http://arstechnica.com/articles/paedia/malware.ars/1

 

These guys are reputable, and the info, while a little old, is solid.

[sanddog28]

Just to add to all of stevestrikes good info the latest trends in strong passwords are actually statements instead of just six to eight characters find the maximum allowed by the particular site your own, unfortunately a lot of sites are cheap and cut cost where they can including the space it takes to store passwords, so locate the maximum length and use it to your full advantage. If you can use a multi word phrase with spaces, the space is actually considered a special character by a staight dictionary password hacker and the use of the special characters increases the complexity of your password exponentially.... just a little help from your friendly network admins trying to keep our duffers safe from the hackers :bb2:

[retep]

Sorry to hear about that, i got an email that looked like it was from ebay as well the other day... so...

 

FOLKS! lots of phishing emails come out from paypal and ebay looking sites, etc... here are some basic rules for you...

CHANGE your password right now. All of them you can. write them on a piece of paper and put it next to the computer/in your wallet, etc...

Here are some password basics.... mix numbers into words to prevent a dictionary lookup of a password.

 

bad password: 123password

good password: 123Pa55w0rd

 

bad: driver's license #, wife's name, pet, etc...

Good: parents street name with numbers, caps, etc... grade school backwards, etc...

 

you get the idea! be careful out there!

[stage1350]

Went through this about 4 years ago. My passwords are nothing that a hacking program would ever come up with unless they wish to try every possible charachter combination on the keyboard.

 

If your password is in the dictionary, change it now.

[justyn]

Most of the major sites have some sort of password hashing going on so I wouldnt worry about a program trying to bombard a site trying to throw randoms at it. I know eBay will log any hash attempts and go after them. Whenever I design a site and a password is attempted 4 or more times I have a script that will email me the log of the attempt and will lock down the attempted account till I manual unlock it through an entry on one of my database tables, but will keep letting the hacker think that the bad attempt is just another wrong pass/username error.

 

A couple of programs to help you out with malware and viruses:

 

adaware = www.lavasoft.com free tool to remove malware, will speed up your computer if it finds tons of malware on it too.

agv free = www.grisoft.com free antivirus also mentioned before.

 

Tips:

 

if you are running windows make sure you can see all of the file extension by going to Tools/Folder Options in a explorer tool bar (not iexplore but something like mycomputer) select the View Tab then under advanced settings uncheck Hide extensions for known file types. This will allow you to see extensions on emails so if someone sent you a .exe dont open it or a .vbs. Sometimes people will send you a virus and it will have music.mp3.exe but since windows by default blocks the extension you might think it is a song.

 

if you go onto ebay and online banking at work check for a keystroke logger on the back of your computer, sometimes they can be either USB or ps2 ports. Software on your local machine is much harder to find and takes some digging around to find it.

 

Paypal, if you deal a lot with paypal you can get an electronic password key for 5.00 (I have one) and it changes to a random code that only you and the paypal system will know about and everytime you log in you have to enter the code on your device.

 

make your passwords difficult like others have posted.

 

*********************Important***************************

If you are on a website look at the URL that you are attempting to log into for example https://ebay.somesite.com is not a valid website or http://login.192.168.1.1 always look for the eBay domain in the URL like http://login.ebay.com the logins will always be ebay.com or paypal.com and never an IP address or anything else.

 

***edit

 

if you have a router make sure you enable your firewall and DO NOT allow remote access. you should also disable remote help on windows machines.

 

I am sure there is tons more that I have left out that others can help out with.