eBay Scam & Identity Theft

If you've purchased or sold anything on eBay more than a couple of times you've probably run into eBay's rigorous security and SafeHarbor teams. Several months back I cleaned through my garage and found a bunch of old audio equipment I no longer used. Rather than toss it into the dumpster, I took some digital photos, wrote some basic copy and posted a half dozen listings on eBay.

The bids started rolling in. While my vision of getting rich on eBay was far from reality, I was just happy to get rid of old junk — and get paid. Questions from potential buyers started filling my eBay email box. And the bids kept inching upward.

Then it happened. eBay shut my account down. They sent a letter claiming they thought someone had hijacked my account. They cancelled my listings and left me hanging there. After finally using their online real-time person-to-person help system, I got to “chat” with Cameron. Cameron explained that they have certain criteria that flag accounts when suspected abuses occur. They apologized and activated my account and agreed to send a letter to all the bidders on my items explaining the mistake. But the damage was done. I relisted my items and eventually sold. But the initial fervor and excitement of selling on eBay was a faded memory.

Until yesterday that is. I got an email from eBay stating that there was an error on my account:

For security reasons, your eBay account has been blocked due to several unsuccessful login attempts, made by you or someone else. As a result, your access to buy or sell on eBay has been restricted. According to our site policy, you will have to confirm that you are the real owner of the eBay account. To reactivate your account, please click the link below, fill the eBay verification form and then submit as we will verify your identity and reactivate your eBay account. Your account will be fully functional immediately if the submitted information will be successfully verified.

Click here >> http://cgi.ebay.com/ws/eBayISAPI.dll?AccountUpdate?ID=54345622773

Per the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us.

So like a good and obedient eBayer, I clicked the link and was brought to a landing page that stated:

We have been unable to verify your credit card. Please update your account information.

The page was formatted exactly like the “My eBay” page on the eBay site. So I started completing the form. But then something seemed funny to me. Something odd. Not right. The form asked for my ATM PIN number. Odd, I thought. Then, on further review, I discovered the address of this site was simply an IP address. While sometimes sites might point you to a page that lands you on a page absent of DNS and lands on the home of some IP address.

I immediately cleared the form and replied to the email explaining that I would not verify anything over email and requested anyone contact me via phone. I revealed the email header information of the original email and sent it along to the eBay reply to e-mail address.
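The two tells described above (a link that lands on a bare IP address, and a form that asks for an ATM PIN) can be checked mechanically. The following is an added example, not part of the original post; it assumes the message was HTML whose link text showed the eBay address while its href pointed elsewhere (the post does not show the raw HTML), and the function names, the `SENSITIVE` list and the sample input are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SENSITIVE = {"pin", "password", "ssn", "card"}  # field-name tokens to flag (constructed list)

class _Scanner(HTMLParser):  # collects (href, visible text) per link and <input> names
    def __init__(self):
        super().__init__()
        self.links, self.fields, self._href, self._text = [], [], None, ""
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], ""
        elif tag == "input" and a.get("name"):
            self.fields.append(a["name"].lower())
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def _host(url):  # hostname of a URL, with or without a scheme
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

def _is_ip(host):
    try:
        return bool(ipaddress.ip_address(host))
    except ValueError:
        return False

def phishing_indicators(html):
    s = _Scanner()
    s.feed(html)
    out = []
    for href, text in s.links:
        dest = _host(href)
        if _is_ip(dest):
            out.append(f"link goes to bare IP address {dest}")
        shown = _host(text) if "." in text and " " not in text else ""  # text that looks like a URL
        if shown and shown != dest:
            out.append(f"link shows {shown} but goes to {dest}")
    # Match whole tokens so that "shipping_address" is not flagged for containing "pin".
    out += [f"form asks for sensitive field '{n}'" for n in s.fields
            if SENSITIVE & set(re.split(r"[^a-z0-9]+", n))]
    return out
# Constructed sample; 203.0.113.45 is a documentation address, not the one from the post.
SAMPLE = '<a href="http://203.0.113.45/ws/eBayISAPI.dll">http://cgi.ebay.com/ws/eBayISAPI.dll</a><form><input name="atm_pin"></form>'
```

Calling `phishing_indicators(SAMPLE)` returns all three findings; a page whose links and visible text agree and whose form has no sensitive fields returns an empty list.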

This morning eBay replied to me:


Thank you for contacting eBay's Trust and Safety Department about email
solicitations that are falsely made to appear to have come from eBay.
These e-mails, commonly referred to as “spoof” messages, are sent in an
attempt to collect sensitive personal information from recipients who
reply to the message or click on a link to a Web page requesting this

The email you reported did not originate from, nor is it endorsed by,
eBay. We are very concerned about this problem and are working
diligently to address the situation. We are currently investigating the
source of this email to take further action. You may rest assured that
your account standing has not changed and that your listings have not
been affected.

We advise you to be very cautious of email messages that ask you to
submit information such as your credit card number or your email
password. eBay will never ask you for sensitive personal information
such as passwords, bank account or credit card numbers, Personal
Identification Numbers (PINs), or Social Security numbers in an email
itself. If you ever need to provide information to eBay please open a
new Web browser, type www.ebay.com, and click on the “site map” link
located at the top of the page to access the eBay page you need.

If you have any doubt about whether an email message is from eBay,
please forward it immediately to spoof@ebay.com and do not respond to it
or click on any of the links in the email message. Please do not change
the subject line or forward the email as an attachment.

If you entered personal information such as your password, social
security number or credit card numbers into a Web site based on a
request from a spoofed email, you need to take immediate action
to protect your identity. We have developed an eBay Help page with valuable
information regarding the steps you should take to protect yourself. […]

Once again, thank you for alerting us to the spoof email you received.
Your vigilance helps us ensure that eBay remains a safe and vibrant
online marketplace.

eBay SafeHarbor
Investigations Team
Your Personal Trading Community ™

While eBay is after the demons of identity theft and spoofers, it appears that Tiffany is after a bit of eBay. It is suing eBay, claiming that sellers are hawking Tiffany jewelry for much less than the true value of said jewelry. Tiffany claims that eBay isn't doing enough to verify fraudulent, pirated or otherwise “spoofed” brands, counterfeits that are merely bad copies. To me, though, eBay is merely a digital classified ad, much like your local paper or Pennysaver. The newspaper can't verify the origin of everything someone sells through their classifieds. This will be an interesting lawsuit to watch. It could change the way we do business online.