March 10, 2008
Alida Antonia Cornelius
Is it safe to shop on ebay?
This past week I purchased a couple of harnesses for my pup. I like the old type with the real metal buckles and not the new plastic kind. My dog has already destroyed a beautiful hand made harness a friend gave me. One quick bite and the plastic buckle was broken and the harness was history.
I had resorted to ebay because you can't find the type with metal buckles in pet stores ANYWHERE anymore.
Okay, maybe you can find them somewhere, but I have looked in every store in Madison, Indiana and no one carries that type of dog harness. And I couldn't even find them online at dog supply stores. Not even on Pet Smart's site.
So, if you can't find what you are looking for anywhere else, odds are you can find it on ebay.
And sure enough, I found two. And for a great price.
As usual, I paid for them with paypal, as is the method of paying for items on ebay.
Today, the harnesses were in my mailbox. Two red dog harnesses with shiny metal buckles. "Aha!" I said to myself, "let her try and destroy these beauties."
However, a very strange thing happened.
At 10 PM, I get an email telling me that the seller had shipped them out today and to click on the link to check out the shipping details. The email contained the exact details of the transaction and the link in it took me to the website for the United States Postal Service. Somehow, the "phishers" had obtained a copy of the shipping email from the seller, forwarded it to me, with the CORRECT HEADER ISP OF EBAY! Now, that's the scary part. You can't just check the header details to know if the email is a phish or not anymore.
I wondered if something was wrong...I have sold and bought on ebay before. So, just to be safe, instead of clicking on the links, I forwarded the email to paypal and reported it as a "spoof".
(Don't you just love these new terms..."spoof" and "phish"? Where do they get these words? Who makes them up?)
They replied that it was indeed a phish. A phish is when someone is trying to get your private information by sending you to a fake website where you would use your password. Then they use that information to access your account. I had also reported the email to CERT, the federal government agency, and they replied to me that it was a phish and they would be investigating it.
I have had numerous emails which I knew were phishes from ebay before. I always knew they were fake.
But, this is the first time I ever had a phish which had all the seller's correct information, address, email address, the whole nine yards.
Now, I am very good with on-line security. I keep up with all the latest hacking news. I get regular emails from the federal government agency, CERT, telling about the latest vulnerabilities. I have top of the line antivirus and firewall software, even though people say you don't need all that if you have an Apple computer.
So, how did the hackers get the exact invoice of my transaction this past week?
That is something entirely new and I think ebay's website may actually have been compromised.
The strangest thing is that I even checked the ISP numbers in the header of the email and it said that the email WAS from ebay!
I am waiting to hear from ebay and also paypal.
Just two weeks ago, I finally convinced myself that I should do online banking and immediately fell in love with how easy it made bill paying. For years, I would not do it, knowing that ONE day, the hackers were going to get my information and clean me out.
Now, I am not so sure that was a good idea.
If you shop on ebay, and you use paypal, you better know what you are doing.
If I had not received those dog harnesses in the mail today, even I, a veteran computer user of 25 years would have been duped.
Here is a link to the website of Antiphishing.org where you can read about phishing and staying safe on the net. And you can also report phishes to them.
http://www.antiphishing.org/
Remember the days when someone asked you if you wanted to go fishing?
Today if someone asks you that, they may be wanted by the Cyber Crimes division of the FBI.
Oh, how times have changed.
(Please read this about the Storm Botnet. Your computer may be infected.
http://en.wikipedia.org/wiki/Storm_botnet)
UPDATE MARCH 11, 2008
From what I have discovered, the first phish happened to the seller in some manner. She clicked on a link in an email from paypal or ebay regarding the sale and it was a fake. Somehow it then sent a phish to me, the buyer. However, it was a good thing the timing was off, or I would have clicked on the link to get the details of the delivery. When the hackers start messing with the United States Post Office, I would imagine that CERT is going to take an extra interest in this type of "phishing". Newer, more sophisticated DNS-changing trojans can be on computers also, which will take users to fake URLs. That could also have been what happened to the seller's computer. If you don't have good antivirus software and you don't update your software BEFORE you get on the internet, you shouldn't be buying or selling on any site.
That's all I know for now.
Comments (14)
at 01:58 on March 10th, 2009
Thanks for sharing. I am always worried about buying stuff off ebay. But I still do it, but only with people with good reputations.
at 04:13 on March 10th, 2009
Wow! I use Ebay all the time, have never had a problem. But then again, I only click on messages and links (taking me to Paypal) within Ebay. Thanks for the warning.
at 05:49 on March 10th, 2009
The answer to the question is definitely 'yes' it's safe, since what you're describing was still just a phishing scam. If your account had really been compromised, I'm sure a spending spree would have followed. Also, if I recall, it's sometimes possible to view the seller's information if they have their own page or eBay business. When you buy something off Amazon, it often links to an eBay seller with fairly detailed information.
at 08:03 on March 10th, 2009
Alida, this sentence does not say enough for others to help or investigate. I get emails purporting to be from eBay, PayPal, McAfee, Google, Microsoft.....we all do, I guess. But these are automatically diverted to the Spam folders of my Yahoo and Gmail accounts. Is this not what is happening for your email accounts? Are you using Outlook to access your mail? How much Spam do you receive in your Inbox daily?
Currently I get about 2 spam msgs. per day in my inbox and about 5 in the spam folder, as opposed to 30 in my inbox and about 40-50 in the spam folder previously.
Have you had any luck posting a question about this with the NP Tech forums ;-)
at 05:07 on March 11th, 2009
Thanks for this information. I will surely look very carefully. If you get more info, please update the story.
at 08:34 on March 11th, 2009
I have updated the story..check out the last paragraph...and thanks.
at 07:29 on March 11th, 2009
The spam I am getting is sent by spam bots to my business website. I am going to have a Captcha installed on it, however the spambots and botnets are now able to bypass Captcha.
I can't filter my business website email for spam. I may miss an email.
I get two porno spam emails a day like clockwork, however many of the links, if you go to them, will start to download an exe file. I have followed the links to try to discover what's going on and am alerting the websites who are being exploited by the hackers. All the spam I am getting now is coming from forums using vBulletin software.
I just got so fed up with it, I have been on a quest to discover who these people are who are trying to infect people's computers with unwanted exe programs. Who knows what's in those programs???
at 09:11 on March 11th, 2009
I know of a friend in Germany who bought the laptop at ebay and it turned out to be a piece of box. The risk is there.
at 09:12 on March 11th, 2009
I appreciate the update. Thank you again.
at 10:10 on March 11th, 2009
Yes, I have heard of people buying what they THOUGHT was an iPhone and the sneaky sellers were only selling the BOX an iPhone comes in. The buyer didn't read the ad good enough. Right now, the Chinese are selling jewelry they are advertising as 925 sterling and it's not 925 Sterling, it's sterling PLATED jewelry. And ebay is doing nothing to stop the practice in the USA. On ebay in the UK, the same jewelry is not advertised as 925 Sterling.
You have to be really really careful. It's best to be with someone who knows about buying on ebay and let them teach you the ropes first. Some things are not listed in the "how to" guide of buying on ebay.
at 15:35 on March 13th, 2009
Interesting clarification @ last paragraph. Kinda scary.
at 20:03 on March 13th, 2009
I have been researching more and more because of all the phishing attempts now continuing to come in my mail from fake ebay sites and I know that starting March 5, there has been a HUGE increase in fake DNS sites which will download a malicious exe program on people's computers. There are key logging trojans and all sorts of viruses spreading around.
One has to be careful and know what they are doing.
Buying on the internet is something one must learn to do safely.
at 09:42 on July 8th, 2009
You've just convinced me to find out about placing a CAPTCHA on my new site, WeddingJewelryDesigns.com - -
It's just too frightening out there - 5 days after I'd opened the site, someone put malware on it, and google reported the site as unsafe - It took my webhost 2 days to clean it up! Just terrible.
at 01:30 on August 17th, 2009
Why do you worry? If they have a good reputation and resume - with like 98% to 100% with a few years' seniority - it is safe. I always buy from that kind of seller.
ALSO - I feel safe buying from sellers who use "big" systems, such as Selling Online solutions from "Plimus" - I know the reputation is ENOUGH.