OT: eBay account hijacked

boomhower wrote on 11/19/2005, 8:33 PM
WOW...I rcvd a couple of strange emails yesterday from eBay (ask member a question type) asking if I wanted to buy a particular item. I didn't click on anything and reported the emails to eBay. Tonight, I logged into my eBay email and had 57 emails regarding listings under my account! Logged into "My eBay" and had an alert that my account had been taken over and all these items had been listed.

I have no clue how this happened but it happened quick. I'm jumping through hoops now to gain control over my account again. eBay (to their credit) caught on to what was going on, froze my account and removed the listings very quickly.

Unreal....

Comments

[r]Evolution wrote on 11/25/2005, 2:39 PM
This has been happening a lot lately. I just won an auction for a Dell XPS Laptop (brand new) for <$200 & a 20" Dell Monitor for $45.

Naturally, I didn't make payment because that is just UNREAL pricing. Apparently the sellers' accounts had also been hijacked.

They can't really do anything with your eBay account... but if it's connected to your PayPal... you may find yourself in BIG trouble.
Laurence wrote on 11/25/2005, 7:38 PM
Well they can cheat other people based on your good reputation. That is bad enough as far as I'm concerned.
Chienworks wrote on 11/25/2005, 7:45 PM
Someone who has hacked your ebay account can also bid in your name, which leaves you stuck with the contract to purchase if "you" win. This can be tricky and difficult to get out of.

If you suspect your account has been hijacked, immediately or sooner change your password. Then immediately or sooner after that contact ebay and let them know.
filmy wrote on 11/25/2005, 7:55 PM
Over the last month I have gotten about 5 emails supposedly from eBay saying that my account has been taken over and to log in and take care of it. See - problem is I do not have an eBay account, and if I did, these emails have come to an account that I would not use for eBay.

Not to say that your account wasn't hijacked, but I think someone is sending out phishing emails in bulk in hopes of getting some information (ebay does require CC info these days) because of the buying (Holiday) season that is here.
fldave wrote on 11/25/2005, 8:03 PM
Never even open those eBay emails. Phishing attack. eBay said that they never send emails like that out.

I was just thinking of getting on to ebay. I think I'll wait now.
boomhower wrote on 11/25/2005, 8:20 PM
After chatting with eBay my account is back to normal.

They can't (or most likely won't) tell me how this person was able to list things under my account. I never responded to any emails etc. Whoever did it did not take complete control since I was able to log in to my account - really strange. I've since read about people trying to log in only to find their password had been changed by the offender! One story mentioned hackers using a program that somehow "scanned" (their word not mine) eBay accounts looking for password combinations etc....

Anyway, I changed my password just in case and eBay took care of the rest. I checked my PayPal account just to be sure but it was fine.

filmy wrote on 11/25/2005, 8:36 PM
>>>One story mentioned hackers using a program that somehow "scanned" (their word not mine) eBay accounts looking for password combinations etc<<<

There are a multitude of programs out there that will just try to get into accounts using automated scripts. All they need is a user name or active email addy. I am not sure about the mechanics of it all on the server side but I know many servers and ISP's now have tools in place to prevent any sort of "auto login" programs. Network Solutions is one of them - you have to enter in a random number/word before full log in will happen. Others sites will disable log in after 2 or 3 failed log in attempts. You would think eBay would have something like this in place long ago.
TheHappyFriar wrote on 11/26/2005, 6:48 AM
eBay is actually safer than using your CC for groceries. :) Or anything where you physically let your card leave your hand for that matter!
TheHappyFriar wrote on 11/26/2005, 6:52 AM
American Express only allows you three wrong logins before they block your IP from logging in for X amount of minutes. Nice & bad at the same time. :)

Some people also don't realize what passwords you can do. Windows servers really limit you on your password variety (relatively speaking), but I know Yahoo allows spaces in passwords & seems to allow at least 17 chars (haven't tried more). PayPal allows quite a bit too.

Sometimes a sentence is a better password than a few letters & numbers.
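The thread mentions two defensive controls: sites that disable login after two or three failed attempts (filmy's post above) and American Express blocking an IP for a number of minutes after three wrong logins (TheHappyFriar). The following is an added example of that kind of throttle, not code from eBay, PayPal, American Express or any other site named here; the threshold of three failures, the 15-minute window and the in-memory store are assumptions chosen for illustration.

```python
"""Failed-login throttle keyed on both the account name and the client IP.
Added example; thresholds and storage are assumed, not any site's real policy."""
import hashlib
import hmac
import os
import time
from collections import defaultdict

MAX_FAILURES = 3           # assumed: lock after three failures (as described in the thread)
LOCKOUT_SECONDS = 15 * 60  # assumed: failures count for 15 minutes


def hash_password(password, salt=None):
    """PBKDF2-SHA256 of the password; returns (salt, digest). Random salt unless supplied."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def verify_password(stored, password):
    """Constant-time comparison of a stored (salt, digest) pair against a candidate."""
    salt, digest = stored
    return hmac.compare_digest(digest, hash_password(password, salt)[1])


class LoginThrottle:
    """Remembers failure timestamps per key; a key is locked once it has
    max_failures failures inside the lockout window."""

    def __init__(self, max_failures=MAX_FAILURES, lockout_seconds=LOCKOUT_SECONDS,
                 clock=time.time):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock  # injectable so the behaviour can be tested without sleeping
        self._failures = defaultdict(list)

    def _recent(self, key):
        cutoff = self.clock() - self.lockout_seconds
        self._failures[key] = [t for t in self._failures[key] if t > cutoff]
        return self._failures[key]

    def is_locked(self, key):
        return len(self._recent(key)) >= self.max_failures

    def record_failure(self, key):
        self._failures[key].append(self.clock())

    def record_success(self, key):
        self._failures.pop(key, None)


def attempt_login(throttle, users, username, password, client_ip):
    """Return 'locked', 'denied' or 'ok'.

    Failures are recorded for both the username and the client IP, and for
    unknown usernames too, so the response does not reveal which accounts exist.
    """
    if throttle.is_locked(client_ip) or throttle.is_locked(username):
        return "locked"
    stored = users.get(username)
    if stored is not None and verify_password(stored, password):
        throttle.record_success(username)
        return "ok"
    throttle.record_failure(client_ip)
    throttle.record_failure(username)
    return "denied"


if __name__ == "__main__":
    # Constructed demo: three bad guesses from one address, then the right password.
    throttle = LoginThrottle()
    users = {"alice": hash_password("correct horse battery staple")}
    for guess in ("password", "alice123", "letmein", "correct horse battery staple"):
        print(guess, "->", attempt_login(throttle, users, "alice", guess, "203.0.113.5"))
```

Keying only on the username is the "bad" side TheHappyFriar alludes to: anyone who knows your account name can lock you out by guessing wrong three times. Keying on the client IP as well catches the bulk automated scripts filmy describes without letting one stranger lock a specific victim's account forever, since the window expires.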
Chienworks wrote on 11/26/2005, 7:10 AM
Back when I was in the ISP business I was appalled at how much trouble customers had choosing good passwords. They all wanted to use their spouse's or pet's name. I'd try to make helpful suggestions. Sometimes if they brought their kids in with them I'd have each kid say the first word that came into their heads, then string the words together for the password. We'd get things like "nintendochocolate" or "mudfurby", which is a whole lot better than "mary".

Now when I set up new accounts at work I assign randomly generated passwords to everyone, even the CEO, and they'll take it and use it whether they like it or not. No more of this "what would you like for your password?". I hand them a standard form with their account information and something like "a7ie2K9" already filled in the password blank. Yeah, there's some grumbling, but if they want their paycheck they'll use their email and network accounts, and the only way to do that is to use the password I assign. Said in my best Mel Brooks accent ... "It's good to be the System Administrator!"
TheHappyFriar wrote on 11/26/2005, 3:12 PM
My favorite way to set up a password is to mash the keyboard for a few seconds, then highlight the max # of chars available, at random. :)
filmy wrote on 11/28/2005, 10:52 AM
Just thought I would pass this on - so today I log onto an account and I have 4 emails from "PayPal" saying that my "service has been limited" because my account was "randomly selected" for maintenance. Then the email goes on to say that "We recently received a report of unauthorized credit card use associated with this account" and that I will "now be taken through a series of identity verification pages"

Not only that, there was a virus attached, at least according to the virus scanner at Hotmail.

So, yeah, as I said before - I have no PayPal account. Headers on the emails come from various places: one was sent from "kichimail.com", another from "finklfan.com", another from "google.com" and the last from "evafan.com" all of them have a "return" of "service@paypal.com"
Coursedesign wrote on 11/28/2005, 11:04 AM
The best thing to do may be to forward each message to spoof@paypal.com.

That way they can hopefully stop each of these bastards earlier rather than later.
Liam_Vegas wrote on 11/28/2005, 11:34 AM
>>>So, yeah, as I said before - I have no PayPal account. Headers on the emails come from various places: one was sent from "kichimail.com", another from "finklfan.com", another from "google.com" and the last from "evafan.com" all of them have a "return" of "service@paypal.com"<<<

Just to be clear... the emails you are getting here are just the normal "phishing" emails that are out there. Nothing special is going on here. Also... they are almost certainly NOT coming from the accounts that you mention. Anyone can "fake" the email addresses (either the FROM and/or the Reply-To) - in fact every single phishing email basically does just that.

The real bit in the header that cannot be faked is the actual IP address of the server which SENT the email to your ISP's mail server.
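The point above, that the From and Reply-To lines are whatever the sender typed but the IP your ISP's relay recorded in its own Received line is not under the sender's control, can be checked mechanically. The following is an added example, not code from the thread or from PayPal; the message is constructed for illustration, and the set of trusted relay addresses (your own ISP's mail servers) is an assumption you would fill in for your provider.

```python
"""Find the IP a message really entered your ISP from by walking the Received:
chain from the newest header down and stopping at the first hop that was not
added by one of your own relays. Added example; the message and the relay
addresses are constructed/assumed."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. From: claims paypal.com; the Received lines, read newest
# (top) to oldest (bottom), show the recipient's own relay accepting the
# message from an unrelated address that merely announced itself as mail.paypal.com.
SAMPLE = """\
Received: from mx1.isp.example (mx1.isp.example [192.0.2.10])
    by inbox.isp.example with ESMTP id abc123
    for <victim@isp.example>; Mon, 28 Nov 2005 10:40:02 -0500
Received: from mail.paypal.com (unknown [198.51.100.77])
    by mx1.isp.example (Postfix) with SMTP id def456
    for <victim@isp.example>; Mon, 28 Nov 2005 10:40:01 -0500
From: "PayPal" <service@paypal.com>
Reply-To: service@paypal.com
To: victim@isp.example
Subject: Your account access has been limited

Please verify your identity.
"""

# Assumed: the addresses of your own ISP's relays. Received lines written by
# these hosts are trusted; anything further down could have been typed by the sender.
TRUSTED_RELAY_IPS = {"192.0.2.10"}

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_BY_RE = re.compile(r"from (\S+) .*?by (\S+)")


def received_hops(raw):
    """Received headers newest-first, each as (claimed_helo_name, ip, receiving_host).

    The HELO name is what the connecting server said about itself; the IP is what
    the receiving server observed on the socket and wrote down.
    """
    msg = message_from_string(raw)
    hops = []
    for header in msg.get_all("Received", []):
        text = " ".join(header.split())  # unfold continuation lines
        fb = FROM_BY_RE.match(text)
        ip = IP_RE.search(text)
        hops.append((fb.group(1) if fb else None,
                     ip.group(1) if ip else None,
                     fb.group(2) if fb else None))
    return hops


def originating_ip(raw, trusted_relay_ips=TRUSTED_RELAY_IPS):
    """(ip, claimed_helo) of the first hop not made by a trusted relay, or (None, None)."""
    for helo, ip, _by in received_hops(raw):
        if ip is None or ip in trusted_relay_ips:
            continue  # internal hand-off between your own servers; keep walking
        return ip, helo
    return None, None


def report(raw):
    """Summarise the forgeable claims next to the one value the ISP recorded itself."""
    msg = message_from_string(raw)
    ip, helo = originating_ip(raw)
    return {
        "from_address": parseaddr(msg.get("From", ""))[1],   # sender's claim
        "reply_to": parseaddr(msg.get("Reply-To", ""))[1],   # sender's claim
        "claimed_helo": helo,                                 # sender's claim
        "origin_ip": ip,                                      # recorded by your relay
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE).items():
        print(f"{key:14} {value}")
```

Once you have the origin IP, a reverse DNS lookup or a WHOIS query (not done here, so the example runs offline) tells you who actually operates that address, which is what filmy was reading off the headers. Anything the thread calls a "sent from" domain that comes from a From, Reply-To or HELO string is still just a claim.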
DGates wrote on 11/28/2005, 12:35 PM
Damn Nigerians!
Laurence wrote on 11/28/2005, 12:57 PM
I "verified" my PayPal account not too long ago after reading an email telling me to do so (I know, I know, that was really dumb!). Anyway, about a week later I went to take out a little money from my ATM and couldn't because my limit for that day had already been reached! It turned out I was losing about three hundred dollars a day to some overseas withdrawal! The bank made up the money (out of their own local funds) and I was covered personally, but I'll never be so stupid again!
baysidebas wrote on 11/28/2005, 1:07 PM
Never, never, never (I tell you this three times so it must be true) click on links provided in emails even if they look all right; they can easily disguise a nefarious destination. If you suspect the mail is legitimate, you can still access your account by your usual means or by keyboarding the address into your browser.
filmy wrote on 11/28/2005, 2:58 PM
>>>Just to be clear... the emails you are getting here are just the normal "phishing" emails that are out there.<<<<

Correct you are.

>>> Nothing special is going on here.<<<

Define "special". It seems like 'tis the season, although from what it sounds like boomhower had a real hack going on whereas all the like-worded emails I have been getting from "eBay" and "PayPal" are phishing emails. So if you mean "nothing special" in terms of overall emails I would disagree, because I get maybe one or two of these things in a year period; however, in the last 30 days they have been coming in 1 or 2 every three days, so something is going on. My post is a "heads up" post.

>>>Also... they are almost certainly NOT comming from the accounts that you mention. Anyone can "fake" the email addresses (either the FROM and/or the Reply to) - in fact every single phishing email basically does just that.<<<

Yes, as I said - they were "from" support@paypal.com, a clearly faked return email that, as you said, anyone can fake. However, looking at the headers they clearly were not from PayPal - that is where I got the real 'sent from' domains that I listed.

>>>The real bit in the header that cannot be faked is the actual IP address of the server which SENT the email to your ISP's mail server.<<<

Exactly.
Spot|DSE wrote on 11/28/2005, 4:03 PM
FWIW, if you forward a spoof/phishing email to Ebay or Paypal, all it nets you is a 4 page explanation about what spoofing or phishing is.
Duh....if I didn't know the mail was a spoof/phishing mail....why would I have forwarded it to them....Kind of insulting in a way.

One thing about links, in Outlook, if you hover over a picture or link, regardless of what the text is, the actual link shows up in a hover box, which makes it very easy to immediately see what is fake and what isn't.
Liam_Vegas wrote on 11/28/2005, 4:41 PM
>>> Nothing special is going on here.<<<

It sounds pretty unusual really that you only got one or two of these a year. Consider yourself lucky. I honestly do not think anything out of the ordinary is going on here at all. True... it does not harm anything to get an extra reminder about these things... but in the end.. these posts warning about these sorts of things are a little unnecessary (IMO). It's like those emails you always get from some "friend" who is warning you about a virus going around. The warnings just end up being more of a pain than any threat the virus / phishing emails really pose. Just my 2 cents I guess.... others may have (and are welcome to have) an entirely different opinion.

>>>... However looking at the headers they clearly were not from PayPal - that is where I got the real 'sent from' domains that I listed.<<<

You gave fully qualified email address domains as those "sent from" addresses - regardless of what you see listed as email addresses/domains anywhere in the headers... those are truly almost never a real address that was used to send the message. ALL of those can and usually are faked.

>>>The real bit in the header that cannot be faked is the actual IP address of the server which SENT the email to your ISP's mail server.<<<

Yes.

Be careful out there guys... the Internet is a dangerous place to hang out.