[zotjen]

Today I received an email that looked like a legitimate payment notification from Ebay. It indicated that a buyer had won an auction of mine for some toner cartridges. Of course I immediately questioned this since I wasn't selling any toner on Ebay.

I thought perhaps the real seller's Ebay user ID was similar to mine and the buyer had somehow sent payment to me by mistake. To find out who the actual seller was, I clicked on the auction link provided in the email. It opened up another window with the Ebay sign on screen. Like a dummy, I entered my Ebay ID and password without even thinking about. Of course it didn't bring me to a page for the item in question.

I then thought of two things. One, clicking on an auction link should bring you directly to the auction page withough needing to sign on to Ebay. And two, the email address I received this under isn't even the address associated with my Ebay account.

Upon realizing my stupid mistake, I immediately changed my Ebay password as well as my PayPal password which was only slightly different from my Ebay one. Given the fact that someone has my old password, is it possible they can still do any sort of damage with it? Of course I'm also paranoid because I use the same password for some other sites, so I'll probably be changing my password on them as well.

 

[smuh]

Quote:

Originally Posted by zotjen Given the fact that someone has my old password, is it possible they can still do any sort of damage with it?

No! As you changed it directly after your entered your credentials.

Quote:

Originally Posted by zotjen Of course I'm also paranoid because I use the same password for some other sites, so I'll probably be changing my password on them as well.

Good idea, otherwise we might find "you" selling some toners here on head-fi

 

[wakeride74]

Ebay and Pay Pal will always address you by name in emails. Did the suspect address you by name or username?

 

[Big D]

Also ALL messages ebay sends to you will appear in My Messages on your ebay page. If it isn't there ebay didn't send it. Always log in and reply using the My Messages console.

 

[Edwood]

Always always always open a new window separately and manually enter eBay's address (or use a bookmark) and log in through there.

Same goes for PayPal, and don't forget to use "https:" as well.

-Ed

 

[XxATOLxX]

I almost fell for a Phising scam today too. These spam emails are even getting into my mailbox instead of spambox

 

[Veniogenesis]

I've received daily EBay phishing scam e-mails since two weeks ago... although I don't have an EBay account!

Advanced mal-script bots are capable of immediately using your submitted password to automatically log into EBay (the real one) and change your password to something else. Very scary indeed. Hopefully most phishing scammers aren't that smart.

 

[Naga]

i got one for an account w/o a paypal acct attached, and i reported it to Paypal immediately

 

[Sovkiller]

Don't feel bad, I fell about two weeks ago in one from Amazon, to make the story short, I needed even to replace credit cards, etc...just in case, there was no damage till now but...that happens evne to the more experienced wolfs in the net, just to be extra carefull and avoid acting as a machine is my advice...

 

[mbriant]

Be sure to notify ebay of this scam ... if nothing else, to clear your name in case they attempt to use it for other illegal purposes.

 

[AlanY]

I've noticed more and more "fake" auctions by people using hijacked eBay accounts. Last week there was a Meridian 563 that I almost bid on, until I realized the seller (who had quite a lot of positive feedback) hadn't sold an item for the last two years. Warning bells went off. When I did a search through past auctions I realized the pictures were taken from another (legitimate) previous auction for a Meridian 563. I'm glad I didn't bid, but someone probably got taken for more than $1000 on that auction.

 

[socrates63]

Quote:

Originally Posted by zotjen Upon realizing my stupid mistake, I immediately changed my Ebay password as well as my PayPal password which was only slightly different from my Ebay one. Given the fact that someone has my old password, is it possible they can still do any sort of damage with it? Of course I'm also paranoid because I use the same password for some other sites, so I'll probably be changing my password on them as well.

Don't feel too bad. At least you better secured your accounts than before. I'm also guilty of using the a single password at multiple sites. I think I rotate 3 or 4 passwords for most of the sites that I transact with.

 

[pne]

I've fallen for one once too, even after warning my friends not to fall for these. sometimes you're just following routine and don't think anything of it!

 

[zotjen]

Another give away I missed that this was a scam was that the email was dated September 30th.
Quote:

sometimes you're just following routine and don't think anything of it

That's just the thing. My routine is to usually scrutinize these types of emails. The reason I wasn't thinking about it was because I has just ordered a pair of UM2s and my mind was in La La Land thinking about them instead. So you see, it's all Head-Fi's fault!

 

[MintGreenGoblin]

I love those scams. I go to the site and enter in all kinds of vulgarities into the name and password form. Then I refresh and enter in as many fake names and passwords as i can before I get bored.