When I woke up today I noticed 50 new e-mails in my inbox. All were listing confirmations from eBay. The only problem was that these weren’t my auctions.
What I believe happened was someone got ahold of my eBay user name and password, and late at night, after I had gone to sleep, started posting auctions feverishly. The first posting went up at 5:43 am, and the last one went up at 5:55 am - 50 auctions in about 12 minutes.
All of the auctions were for various DVD sets, for example South Park seasons 1-9, Six Feet Under seasons 1-5, even The Golden Girls box set. Each auction had a very low starting bid and buy it now price.
The auction pages were professionally done, using a mix of pictures and logos to appear as if they were posted by an experienced DVD seller. Most importantly, there was a buy it now button on the page that encouraged winning bidders to purchase the items from a third party payment site.
Brilliant.
The scam, it seems, is that these guys take over an eBay account and post many buy it now auctions with low prices. They hope that buyers will pay through their site (which incidentally was down when I tried to click on it), sidestepping PayPal (which would just send the money to me).
Luckily, I was taking SushiAttack to the airport this morning so I woke up at 6am. Each auction was scheduled to end in a matter of hours, so I quickly ended each auction. I don’t know how the seller did that, but it seems like he set the auctions for just 3 hours or so. The idea of course is that the auction ends quickly before I even wake up.
The funny thing is that I actually received a question from a potential buyer saying, “Hi. Is this for real, or is this a hacked account ?” at about 6:07am. Probably not a very effective question to ask, since the hacker did have possession of my account info, and could have replied to the question himself.
At 7:06 am, eBay e-mailed me telling me that they realized that my account had been hijacked, and the offending listings had been removed. They also recredited the auction listing fees to my account, which was nice because each auction cost between $2 - $3. It was a pretty quick response, I have to say. I don’t know how they figured it out, but it probably had something to do with the IP address the hacker was posting from.
The final remaining question is, how did the hacker get my username and password? Now, I am aware of phishing e-mails, so I don’t think I got caught by one of those scams. I ran a virus scan on my work computer and found a nasty backdoor virus - so possibly that was the culprit. It is peculiar that it was a backdoor though, and not a keylogger. A backdoor could be used to install a keylogger, but I don’t think it’s likely.
Another interesting note was that the day prior to the attack I signed up for a Netvibes account. I mentioned this earlier on the blog actually. One of the Netvibes features that I was using was the eBay module, which requires you to sign up for the service on eBay’s website.
Today, I went through the whole signup process again, and it seems legit. Everything was on a secured page on eBay’s site. One possibility is that Netvibes was somehow compromised, although I have only circumstantial evidence to suggest that.
In any case, this was a bigggg mess today. What a pain in the ass. I feel so violated as well. Even more so than the aforementioned Americone Dream incident. I have to say though, it is an interesting scam. It was very well executed, except for the fact that the scammer did not change my e-mail address - so I ultimately saw that he posted 50 auctions. He also left my password intact, which was just sloppy. I would not have been able to log into my account and stop the auctions, had he changed the password.
So, be careful guys. These scammers aren’t messing around.