AuctionBytes Blog
Covering auctions, collectibles and marketplace selling.

AuctionBytes Blog The AuctionBytes Blog has been giving a voice to online merchants since its launch in 2005. Named one of the world's top 30 blogs in 2008 by "Blogging Heroes." Weigh in with your thoughts on the joys and pitfalls of selling online.
Thu Mar 25 2010 21:59:12

eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours

By: Ina Steiner

Sponsored Link

An eBay account belonging to a seller of military certificates has been hijacked, and the perpetrator is using a cookie-cutter template to list tens of thousands of auctions for items, from bikes to kitchen ranges, to guitars to camera lenses and exercise equipment.

As of 9:28 pm EST, the scammer continues to list bogus auctions, and appears to have started at 7:49 pm EST. Some of the auctions have bids, such as one for a "Cannondale Super Six Hi-Mod 56 cm Bike, Record, Zipp"




The hijacker is including an identical graphic image in each of the scam listings containing a gmail email address and instructions to email him for the Buy It Now price because, he explains, he cannot read his eBay email.



All of the listings are listed at a starting price of $99 and include a product description and photos of the items. The text in the JPG image lists the same information: Buy It Now for $1,700.

In 2006, I wrote about an "eBay scam kit" AuctionBytes had obtained that included everything a scammer needed to set up auctions on eBay to sell items they don't own and don't intend to fulfill to "customers." It looks like the hijacker of this account is familiar with the techniques outlined in the kit.

With many online-auction scams, the scammer hopes to get potential buyers to email him or her directly or through eBay's "Ask the Seller a Question" system. Once he or she has the email address of the "marks," the scammer can then work on persuading them to send money via wire-transfer.



The seller whose account has been hijacked has 1581 feedback ratings - with only one negative rating in the last 12 months, which helps give confidence to any shoppers considering bidding on the auctions. What's particularly disturbing about this is the sheer number of bogus auctions that have been listed (and are ending with bids) in such a short amount of time, with no proactive intervention from eBay's security team.

Update 3/29/10: I spoke to the seller and found out how the scammer was able to access his account along with other details of the attack, read details in today's AuctionBytes Newsflash.




Comments (51) | Permalink

Readers Comments

eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours   eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours

by: Paavel

Thu Mar 25 22:18:15 2010

This type of brute force activity should have been picked up much earlier by eBay. How they could allow this many auctions to go up in such a short amount of time is beyond embarrassing

eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours   eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours

by: Christian LC

Thu Mar 25 22:26:32 2010

We've been watching this happen for the last hour or so. It looks like they're starting to come down  --- very slowly. Why don't they just take this seller's acct down temporarily until they remove all the listings?

eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours   eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours

by: Jim This user has validated their user name.

Thu Mar 25 22:34:50 2010

I've had 2 emails in the last 30 days about accounts being hijacked-customers of mine.  My complaint is that I get no definite answer about shipping or not shipping to the account holders from eBay security.

This is my big nightmare.  

eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours   eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours

by: Pat

Thu Mar 25 22:55:37 2010

"@ Christian
We've been watching this happen for the last hour or so. It looks like they're starting to come down  --- very slowly."

Sad that eBay needs AuctionBytes to report this in order to react. Don't they read the emails they get from users reporting this type of activity?

eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours   eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours

by: Fredrick Nijm
Web Site

Thu Mar 25 23:14:21 2010

These scams continue to happen and the only way you are confident buying from this individual is through their feedback rating. A social marketplace would fix all this, so you know exactly who you are buying from because they link their social graph to their listings, so everyone knows who they are. There is nothing to hide.

eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours   eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours

by: Max Ownage

Thu Mar 25 23:18:04 2010

Maybe they were trying to beat the record.

http://www.youtube.com/watch?v=N2Xufh1VVzY

eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours   eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours

by: Max Ownage again

Thu Mar 25 23:21:50 2010

Not that anyone should do it but if you click the link which says "To view product availability Please follow these step-by-step instructions" it leads to an off-ebay site ( nathaliemasselink dot com) asking for your user ID.

eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours   eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours

by: another side of the coin

Thu Mar 25 23:29:14 2010

11:28 pm EST here. Looks like eBay is not ending the auctions with bids. See Cannondale Team Scalpel NEW

eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours   eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours

by: Marion
Web Site

Thu Mar 25 23:52:30 2010

Here is another hijacked account:
http://cgi.ebay.com/Nikon-D3_W0QQitemZ120548572352QQcmdZVi
ewItemQQptZDigital_Cameras?hash=item1c11413cc0

eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours   eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours

by: Christopher
Web Site

Fri Mar 26 00:31:41 2010

We had our account hijacked once, a few years ago. We started using eBay's blackthorne software. Within weeks after that our account was hijacked and many listing posted overnight. With a program like blackthorne, they already have the listings composed and residing on their computer, and all it takes is the time to upload them. After getting things straightened out, we canceled our blackthorne subscription and have been fine since.

Of course, we also use more secure passwords and are paranoid of every link, site, and email. After receiving spoof emails just about every day for the last few years they are pretty easy to spot, and after working online for the last 6 years we are just more protected, cautious, and knowledgeable. The eBay message system has its faults, but if you use it, and don't ever respond from emails, they you can't get sucked into a spoof site either. Also, don't use your secure passwords on different sites. A password manager is worth having, so you can have many passwords and securely keep track of them.

eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours   eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours

by: Ginny

Fri Mar 26 00:46:00 2010

The hacker has gone back to the first seller id. The listings there are rising again. They're up to over 13,000 listings.

eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours   eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours

by: ebay nonsense

Fri Mar 26 01:19:27 2010

This has been going on for quite a few years. The reason they started using pictures with text instead of plain text is because you can't search pictures for common hijacker text.  

I wouldn't recommend clicking on the pictures if they take you off the site.
No telling what kind of hidden malware awaits you there.

eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours   eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours

by: J.G.

Fri Mar 26 01:33:19 2010

It's 1:30 Eastern and there are still 33 listings under cannondale, etc.  It also says, listing was last updated at 22:29 march 25th probably Pacific.

eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours   eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours

by: Smitty This user has validated their user name.

Fri Mar 26 01:34:49 2010

Well it looks like Vlad sold another kit. I don't know how many of you were present on the trust and safety board, when ebay decided to solve the hijacked account problem. EBays solution was quite simple, they forbid discussing hijacked auctions.

They sanctioned many a member of that volunteer army for revealing the item number of a hijacked account. That made the problem go away.

At that time, the members of that board were reporting about 100,000 bogus listings. My best guess is that number has grown.

Never believe eBay's story that Vlad only snagged 1200 user IDs. At that time, Vlad grabbed the whole eBay database. He has all of the personal information of every user who was registered on eBay at that time.

They simply use inactive accounts for these kind of scams. There is nothing new here folk.

Smitty

eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours   eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours

by: Ginny

Fri Mar 26 01:49:25 2010

The hijacked accounts don't appear to be inactive. Some of the listings look to be legitimate listings of the sellers and not the hijacker.
The latest listings are holding at 13,966 and haven't moved up or down for almost an hour. I did report a number as fraudulent.

eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours   eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours

by: Troglodyte

Fri Mar 26 02:26:38 2010

What else could we expect?

After all, it was poker night at Mafia HQ so ebay gave all the San Jose techs the night off, and it's siesta time in India.

Ebay: the laughingstock of Silicon Valley.

eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours   eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours

by: LegendsOfBatman
Web Site

Fri Mar 26 02:30:18 2010

Unreal.
I have to say, the person who suggested the acct get shut down, at least temporarily, is correct.
But, eBay benefits, because they can show higher listings (like two years ago, when they had the mysterious auctions).

The question is, would eBay be fighting this if Ina didn't post it? I think not.
But, watch eBay say how "fast" they worked to stop it.

eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours   eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours

by: Julie

Fri Mar 26 03:28:17 2010

Everyone with a twitter account, go to auctionbytes twitter account and re-tweet this to everyone!

eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours   eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours

by: Sam

Fri Mar 26 03:44:38 2010

This story has made it to USA Today!
Good!

eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours   eBay Snoozes as Hijacker Lists 52,000 Auctions in 2 Hours

by: Marvin This user has validated their user name.

Fri Mar 26 06:04:33 2010

My reaction when I first saw this story was. Big deal, Yawn.
Users getting ripped off on ebay. Again.
ebay not doing anything. Again. . .
Wait 5 minutes and yet another ebay not safe/scam/ripoff story will show up somewhere.

Criminal activity on ebay has been rampant for years. ebay is set up in a way that encourages and protects criminals, ebay does absolutely nothing about these situations unless they have to and then the least they have to.

This type of activity generates such large amounts of  revenue for ebay they don't care.

Users have complained for years ebay and paypal were criminal enterprises, massive amounts of complaints have been filed against them, but this always seems to fall on deaf ears.

I would not be surprised to learn the revenue from unethical, illegal practices by and on ebay/paypal and their users far exceeded the revenue from legitimate sources. It's that bad.

The sad part is these and other problems have been extremely well documented all over the internet but yet it continues to happen and each time it does people are shocked.

Click to view more comments
1 2 3  [Next Page]


Login is required to post comments.
To sign in to leave a comment using your AB Verify User Name, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page
.

Login for AB Verify
Be sure and use your email address and password to log in.

 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.