I've just been the victim of eBay shipping label fraud.

[Gunstar Green]

A quick explanation about shipping label fraud can be found here:

http://www.ecommercebytes.com/C/letters ... 61924.html

For those who don't want to click, basically someone overseas hacked my eBay account in order to purchase shipping labels so they can doctor the labels in photoshop and ship items internationally. They bought nearly $400 in labels from my account and locked my out by changing my password.

Luckily eBay caught it and reported it to me and I've gone in and straightened things out. They claim to have reimbursed me but I haven't checked up on that yet. I've also reported the transactions to PayPal as unauthorized just in case.

This really cheeses me off, it makes me feel like it's unsafe to do anything over the Internet anymore if something like this can happen to my eBay account. Thankfully it seems like the damage is going to be reversed but I'm still boiling over it.

I was wondering if anybody else has had this happen to them?

[MrPopo]

This really cheeses me off, it makes me feel like it's unsafe to do anything over the Internet anymore if something like this can happen to my eBay account. Thankfully it seems like the damage is going to be reversed but I'm still boiling over it.

Well... every system is vulnerable, so depending on your definition I guess it is unsafe to do anything over the internet. What it really comes down to is how likely something is to happen. After all, it's unsafe to drive; another car could plow into you.

[Ivo]

basically someone overseas hacked my eBay account in order to purchase shipping labels so they can doctor the labels in photoshop and ship items internationally. They bought nearly $400 in labels from my account and locked my out by changing my password.

I'm interested in how they got to your account (if you know and would not mind sharing details). Did you get a trojan, was your password weak, social engineering?

Ivo.

[gtmtnbiker]

basically someone overseas hacked my eBay account in order to purchase shipping labels so they can doctor the labels in photoshop and ship items internationally. They bought nearly $400 in labels from my account and locked my out by changing my password.

I'm interested in how they got to your account (if you know and would not mind sharing details). Did you get a trojan, was your password weak, social engineering?

Ivo.

Ditto on this. Also, do you use the same password for multiple accounts?

[elmagicochrisg]

My eBay account got hacked once too...

Someone bought an €8000 watch with my account. In vain, since they did not have my PayPal password. Even if they would've had that, they still wouldn't have been able to put money on it without hacking my bank account...

[Gunstar Green]

basically someone overseas hacked my eBay account in order to purchase shipping labels so they can doctor the labels in photoshop and ship items internationally. They bought nearly $400 in labels from my account and locked my out by changing my password.

I'm interested in how they got to your account (if you know and would not mind sharing details). Did you get a trojan, was your password weak, social engineering?

Ivo.

Ditto on this. Also, do you use the same password for multiple accounts?

No I don't use the same password and I don't know how Russians got into my account. They only got into eBay, not PayPal. I checked for trojans right away and all that jazz and didn't have a weak password. Of course I never gave anyone my password for any reason whats-so-ever so no social engineering either.

All I can say is apparently this has been happening to lots of people lately and anyone who has sold anything on eBay before is at risk since they can use your old sales to print labels (why eBay allows this is beyond me).

There's something wrong with eBay's security that's being exploited from what I've read. Some people over on their forums are getting pissed that eBay refuses to publicly talk about it and hasn't fixed whatever is causing the problem since it started around August, maybe even earlier.

And yeah people usually don't get away with anything on eBay because of Paypal, my Paypal account however was authorized to automatically pay eBay shipping Inc which I didn't even realize. I implore everyone with an eBay and PayPal account to go to Paypal right now and follow these instructions:

Go to - Profile > My Money

Then click Update on "My pre-approved payments" and cancel everything you see there, especially eBay shipping inc. This should prevent it from happening to you since they won't be able to pay for labels without access to your PayPal account.

My eBay account got hacked once too...

Someone bought an €8000 watch with my account. In vain, since they did not have my PayPal password. Even if they would've had that, they still wouldn't have been able to put money on it without hacking my bank account...

Yeah, I guess I'm doing this from now on as well, taking my information off of Paypal and only putting money into it when I'm buying something. It's more of a hassle but worth it for the piece of mind. Lesson learned I suppose.

[Zing]

I wasn't aware Ebay had a label printing service. I've always done it directly through Paypal.

This sort of thing has been going on with other online services as well. There is always a weak link. Someone uses the same password for their Hotmail or Xbox Live account and it is trivial to test it on other major websites. Unless they are literally brute-forcing your username and password, it is something either the user or Ebay is doing to give away the password.

You'd be surprised how many times you will read "I swear I didn't give away my password" and then you find out they used the same user/pass on EA's Orion service and someone from Russia managed to get a password recovery.

[Luke]

Sometimes I feel as if I'm the only person on this forum who hasn't been scammed.

[Ivo]

Sometimes I feel as if I'm the only person on this forum who hasn't been scammed.

I don't think I've been either, but I also take a keen interest in trying to know how it happened to others to keep it that way.

Even using the same password on something else still means they needed to get that password somehow. That would require phishing or a trojan anyway. Something like Hotmail is not like some random forum you sign up to (I mean, it is not like Microsoft is running Hotmail with the end goal of getting your password). Hacking into Hotmail's servers to get several passwords is through the Microsoft side rather than through the user side is probably also not so easy, right?

Ivo.

[MrPopo]

Sometimes I feel as if I'm the only person on this forum who hasn't been scammed.

That just means you have been scammed, but it's such a good scam that you don't realize it's a scam.