|Tue Aug 28 2012 09:52:04|
Beware of New eBay Shipping-Label Fraud
I request AuctionBytes to alert eBay sellers on a new type of ongoing online fraud:
I recently became a victim of this new type of fraud. My eBay account was hacked from an unknown source, presumably overseas, and 14 Express Mail international labels worth $1688 were printed on August 21.
I called eBay while the hacker was still printing USPS Express Mail International labels through my eBay account. When I called, until then, only 3 labels were printed but while I was being shunted from one department to another, 11 more were printed until the eBay Safety department asked me to immediately change my eBay password.
I was asked to void the labels which I immediately did. I have since been tracking those numbers and I find 8 of the 14 packages submitted to various USPS centers throughout the country and these packages are on the move now. USPS has "rejected void" on the submitted packages and eBay is still quiet on the reimbursement issue.
I may mention here that I have also reported the matter to Inspector General of USPS through their hotline form and even the Internet Fraud dept of FBI. None of them have reverted to me so far.
I have researched the modus operandi of these thieves. They doctor these shipping labels and super-impose their own addresses. The labels are then used to get the stolen merchandise out of the country.
Generally unsuspecting innocent people are offered home-based jobs. Merchandise stolen through credit card fraud is first got delivered to their addresses, then these guys are expected to use the "pre-paid" shipping labels to get the merchandise delivered to the thieves in far off countries. The victims are offered lucrative compensation which they never receive.
I am not happy with the way eBay has handled the issue so far. I believe they should have acted faster and escalated the issue to a higher level. They were slow and the five agents I spoke to didn't appear to have a clue of what was going on. They saw no suspicious activity in my account even when the hacker was busy doing his job. They thought by just voiding the labels, I'd get back my money, whereas as an experienced shipper, I know that once a label is scanned at any USPS center, there's no refund.
I am hoping eBay compensates my losses as it was their website which was compromised.
Update 8/31/12: eBay provided its stance and suggestions on unauthorized account access:
EBay actively monitors eBay for signs of unauthorized account access and other forms of internet fraud. If a customer suspects that someone knows his or her user name and password, we recommend they change their password and take steps to secure their identity.
A customer concerned with unauthorized account access should:
* Contact eBay immediately
* Change the password on the eBay account and the personal email account associated with the eBay account
* Change the secret question and answer on the account
* Verify the contact information on the account to make sure it has not been changed
Additional information may be found in the eBay Security Center, including tips on how to avoid unauthorized account access.
The best way to deter unauthorized account access is to be familiar with phishing emails, as they are the primary method of gaining sensitive information like user names and passwords. - Link to eBay Phishing Tutorial.