EcommerceBytes Letters to the Editor Letters to the Editor
Your emails to EcommerceBytes
For consideration, send your email to ina@auctionbytes.com with "Letters to the Editor Blog" in the subject line! Remember to include your name as you would like it to appear in the blog.
Tue Aug 28 2012 09:52:04

Beware of New eBay Shipping-Label Fraud

By: Reader

Sponsored Link

Dear Ina,
I request AuctionBytes to alert eBay sellers on a new type of ongoing online fraud:

I recently became a victim of this new type of fraud. My eBay account was hacked from an unknown source, presumably overseas, and 14 Express Mail international labels worth $1688 were printed on August 21.

I called eBay while the hacker was still printing USPS Express Mail International labels through my eBay account. When I called, until then, only 3 labels were printed but while I was being shunted from one department to another, 11 more were printed until the eBay Safety department asked me to immediately change my eBay password.

I was asked to void the labels which I immediately did. I have since been tracking those numbers and I find 8 of the 14 packages submitted to various USPS centers throughout the country and these packages are on the move now. USPS has "rejected void" on the submitted packages and eBay is still quiet on the reimbursement issue.

I may mention here that I have also reported the matter to Inspector General of USPS through their hotline form and even the Internet Fraud dept of FBI. None of them have reverted to me so far.

I have researched the modus operandi of these thieves. They doctor these shipping labels and super-impose their own addresses. The labels are then used to get the stolen merchandise out of the country.

Generally unsuspecting innocent people are offered home-based jobs. Merchandise stolen through credit card fraud is first got delivered to their addresses, then these guys are expected to use the "pre-paid" shipping labels to get the merchandise delivered to the thieves in far off countries. The victims are offered lucrative compensation which they never receive.

I am not happy with the way eBay has handled the issue so far. I believe they should have acted faster and escalated the issue to a higher level. They were slow and the five agents I spoke to didn't appear to have a clue of what was going on. They saw no suspicious activity in my account even when the hacker was busy doing his job. They thought by just voiding the labels, I'd get back my money, whereas as an experienced shipper, I know that once a label is scanned at any USPS center, there's no refund.

I am hoping eBay compensates my losses as it was their website which was compromised.
L.

Update 8/31/12: eBay provided its stance and suggestions on unauthorized account access:

EBay actively monitors eBay for signs of unauthorized account access and other forms of internet fraud. If a customer suspects that someone knows his or her user name and password, we recommend they change their password and take steps to secure their identity.

A customer concerned with unauthorized account access should:
* Contact eBay immediately
* Change the password on the eBay account and the personal email account associated with the eBay account
* Change the secret question and answer on the account
* Verify the contact information on the account to make sure it has not been changed

Additional information may be found in the eBay Security Center, including tips on how to avoid unauthorized account access.

The best way to deter unauthorized account access is to be familiar with phishing emails, as they are the primary method of gaining sensitive information like user names and passwords. - Link to eBay Phishing Tutorial.



Comments (37) | Permalink

Readers Comments

Perminate Link for Beware of New eBay Shipping-Label Fraud   Beware of New eBay Shipping-Label Fraud

by: purplerose This user has validated their user name.

Tue Aug 28 10:09:03 2012

Hmmm.... If they were printing the labels through Ebay Shipping then I am presuming the money  was coming out of your PayPal account? If I remember correctly, they would've had to also hack your PayPal account?? I'm pretty sure I remember having to key my passwords and/or verifying my identity when trying to access my accounts from a computer that I normally do not use for Ebay / PayPal. If I am correct, I would've contacted PayPal also. My experience with their security dept has been more effective then the general service Ebay offers.

Perminate Link for Beware of New eBay Shipping-Label Fraud   Beware of New eBay Shipping-Label Fraud

by: JustTheFacts This user has validated their user name.

Tue Aug 28 10:32:04 2012

I agree with purplerose, paypal is MUCH easier to deal with when it comes to fraud.  

My sister had someone steal her paypal cc numbers and start using them around the world, they only managed to get to small purchases through before she caught it then immediately reported it to paypal.  My guess is that they were testing the card.

They had her cancel the card and gave her back the money while they investigated it.  It took about 60 days.  Hthey neve made her give back the money.  Granted they should not have anyway but paypal did the right thing.  

Although, I think in this situation she did need to go to ebay becuase that is where the labels were being printed through.

It does not surprise me that ebay FAILED in every way helping the OP and have no doubt they will blame the OP for everything and offer NO protection or reimbursement.

ebay take ZERO responsibility when THEIR system is breached.

I would also not be surprised if they eliminated ALL reponsibility for THEIR breaches in their system in the contract.  

Perminate Link for Beware of New eBay Shipping-Label Fraud   Beware of New eBay Shipping-Label Fraud

by: BetterThingsToDo This user has validated their user name.

Tue Aug 28 10:51:39 2012

Ebay has also allowed fradulant postage to be sold...Type either Netstamps or Us Postage in the search. Check out some of the auctions selling stamps.com postage...

Who would sell pre printed postage at a 50-75% discount.

You think its a great deal but the labels are sent from China and are not Stamp.com labels. Ebay has been informed of this many times but refuses to stop the listings.

Perminate Link for Beware of New eBay Shipping-Label Fraud   Beware of New eBay Shipping-Label Fraud

by: Steevo This user has validated their user name.

Tue Aug 28 11:14:54 2012

I have to say this story in ingenious.  

That someone would be able to figure this all out and apply it like this is so incredible, well, I've said it before:

If these guys would apply themselves to good rather than evil they could accomplish *anything*.

Perminate Link for Beware of New eBay Shipping-Label Fraud   Beware of New eBay Shipping-Label Fraud

by: OG This user has validated their user name.

Tue Aug 28 11:42:57 2012

I have had a series of fraudsters purchasing things from my eBay business, only to be brought up as an ''unauthorized'' claim in Paypal later. It has happened so many times I can almost see it coming each time, there seems to be similarities in the user ID's that these scammers use as if they are being automatically and randomly generated by a program. Typically the sale will be made for one or several higher end items with instant payment, the shipment will go out within 1 business day, and 4 or 5 days later Paypal will send along a note that the transaction has raised a fraud flag and is under review, causing the funds to be held. In some cases the actual owner of the stolen credit card used will file the dispute with Paypal first.

In all of these instances I am covered through seller protection, but the unexpected holds and the time it takes to resolve things makes this far from headache free. I have attempted to ask Paypal and eBay both what I can do to look out for this and avoid problems preemptively, and they only advice they could give was ''block 0 feedback bidders'' and ''communicate with the customer to confirm the order before shipment''. They had no fruitful reply for how that would work against the current eBay tracking requirement or 1 day handling that I offer (which many people take advantage of because they want the item fast) and if it takes someone more then half a day to reply, I am out in the mud (not to mention not to many people are keen on getting ''did you order this?'' emails after obviously ordering and paying for something) especially foreign bidders who may not always understand completely. I have a very high amount of business volume, and this throws a wrench in the works for me. It has been happening once or twice a month for about the past year or so, all my items are one day (or same day) ship so it seems I have been targeted for my efficiency. Sometimes the package will get refused at the destination address and returned, leaving me to eat the postage cost. Perhaps this is another leg of the scam that has been noted above. -OG

Perminate Link for Beware of New eBay Shipping-Label Fraud   Beware of New eBay Shipping-Label Fraud

This user has validated their user name. by: WOODJUNGLE! ON EBAY

Tue Aug 28 11:47:03 2012

they would only need your ebay password.  ebay charges authorizes the charges to your paypal account (which is basically ebay anway)  for postage.  

This isn't ebay's fault. someone got your ebay password somehow and is exploiting it.

I'm not sure of what protections are offered if your accidentally give away our password by ebay or paypal.

Oh, but money orders aren't as safe as online payment methods according to ebay :)

Perminate Link for Beware of New eBay Shipping-Label Fraud   Beware of New eBay Shipping-Label Fraud

by: trickstunt This user has validated their user name.

Tue Aug 28 13:28:59 2012

So it's the victim's fault? That sounds like the same thing ebay forum shills always say.  How could it be phishing when even Donahoe said phishing was down by %80? What he didn't tell was that ebay employees and maybe management too fell for phishing emails.
ebay employees fall victim to phishing attacks & database hacked
http://youtu.be/cKsZKQb21YU

But if you think that phishing is the only risk, you're wrong.
BEAST vs HTTPS
http://youtu.be/BTqAIDVUvrU

Add to that ebay and paypal historically deal with issues, I think you'll see they cannot be trusted to do the right thing.

Paypal Database Leaks! ebay Compromised Accounts Consumer Alert! High Quality
http://youtu.be/i1-YVfqIxD0


I found these in less than 5 minutes. If you put any effort into looking, you'll see that ebay and paypal have been hacked many times over. They always blame the victim.

I also read where people's real names are appearing on paypal phishing emails. There's not too many ways that can happen, is there?
O'm sure that ebay-paypal defenders can find ways of spinning the facts, but how many times have they lied so far?

Perminate Link for Beware of New eBay Shipping-Label Fraud   Beware of New eBay Shipping-Label Fraud

This user has validated their user name. by: Ric

Tue Aug 28 13:56:26 2012

eBay has an abysmal record when it comes to users who are the first ones to report an issue, glitch or security breach.

The problem is exacerbated because the Peggy's in customer service do not take reports seriously unless they have been notified a problem exists. Thus, when a user is one of the first to be victimized, they get run around from one department to the next while the damage mounts.

Memo to eBay... just because a problem, glitch or security breach is not a known issue does not mean it is not happening!!

eBay needs to be much more proactive with initial reports of all issues, but especially so when it comes to security issues. A user should not have to prove it is happening to them before they are given swift and proper attention.

Perminate Link for Beware of New eBay Shipping-Label Fraud   Beware of New eBay Shipping-Label Fraud

by: mylifeisgood This user has validated their user name.

Tue Aug 28 14:08:09 2012

@Ric

Using the words Proactive and Ebay in the same sentence is as funny as using Ebay and security in the same sentence.

The only proactive thing Ebay does is to enhance there bottom line. As for security Ebay doesn't have a clue.

Perminate Link for Beware of New eBay Shipping-Label Fraud   Beware of New eBay Shipping-Label Fraud

by: Grandma_Fish This user has validated their user name.

Tue Aug 28 14:30:57 2012

OP, sorry that happened to you! That's a lot of postage. So glad you're not being held responsible for it.

I never used eBay to print my shipping labels, always printed directly through PayPal. But I think if you print them through eBay, it's automatically linked to your PayPal account and I don't think you get prompted for a PayPal password. Am I correct?

Also, OP, I can offer a couple of suggestions for the future. I've always had one of those little security keys that automatically generate a new pass code every 10 seconds and have it linked to my eBay and PayPal accounts. They used to cost $5, but now they're $25. You can buy them through PayPal. Once you link them to your accounts, nobody can log into your accounts with that code. If you don't want to pay $25, you can also link your cellphone to your PayPal account, but not eBay yet, and have an auto-generated code sent to your cellphone every time you log into PayPal. I also have a password manager so I don't have to actually type in my password from my keyboard. Hope that helps and you never have to deal with this again.

Perminate Link for Beware of New eBay Shipping-Label Fraud   Beware of New eBay Shipping-Label Fraud

by: trickstunt This user has validated their user name.

Tue Aug 28 16:21:34 2012

That paypal security key doesn't look too secure to me. Don'y forget to read all the  comments and description

PayPal Security Key Fob Is IT Really Safe & Reliable? ebay Boycott
http://youtu.be/267xpNvkFF0  

Perminate Link for Beware of New eBay Shipping-Label Fraud   Beware of New eBay Shipping-Label Fraud

by: Patricia This user has validated their user name.

Tue Aug 28 16:27:49 2012

I wouldn't hold my breath waiting for Ebay to compensate you....the slowness they showed acting upon this will give you an idea of how interested they are in you or your loss.  The other agencies as well....they're good for setting up shop and probably are compensated by us sucker taxpayers...but do little to earn their keep.  I'm talking that FBI form you filed....I don't know if USPS is any better!

Perminate Link for Beware of New eBay Shipping-Label Fraud   Beware of New eBay Shipping-Label Fraud

by: AgendaSwallowsAll This user has validated their user name.

Tue Aug 28 18:38:30 2012

Not well versed on youtube by any means but I can't recall an instance where there was a ''.'' ( dot ) between the u and the b in a youtube link as @trickstunt has provided so unless anyone thinking of pasting that link in their browser does know, I'd suggest not trying the links.

Perminate Link for Beware of New eBay Shipping-Label Fraud   Beware of New eBay Shipping-Label Fraud

by: trickstunt This user has validated their user name.

Tue Aug 28 19:07:54 2012

pssst.. It's a legitimate valid url. It's youtube's new shortened format. (for about a year or more?)

Try this then click share under the player. You'll see the short url plainly in there. Same with the others.

http://www.youtube.com/watch?v=267xpNvkFF0

There
's
also a website called longurl.org where you can see where any short link goes to.

Next time, maybe you should do a little research?

Perminate Link for Beware of New eBay Shipping-Label Fraud   Beware of New eBay Shipping-Label Fraud

This user has validated their user name. by: Roger Rabbit

Tue Aug 28 20:14:35 2012

''JustTheFacts
Tue Aug 28 10:32:04 2012
I agree with purplerose, paypal is MUCH easier to deal with when it comes to fraud.''

Especially if you're interested in committing it.  

Perminate Link for Beware of New eBay Shipping-Label Fraud   Beware of New eBay Shipping-Label Fraud

by: spirit-of-shiloh This user has validated their user name.

Tue Aug 28 23:25:05 2012

I NEVER print my labels through either,I use USPS as I don't want to give eBay and PP anymore business than I have too.

Perminate Link for Beware of New eBay Shipping-Label Fraud   Beware of New eBay Shipping-Label Fraud

by: AgendaSwallowsAll This user has validated their user name.

Wed Aug 29 02:36:43 2012

@trickstunt

I did do some research finding no youtube url's the way you'd typed them out. I'm not going to spend my life in further research and I didn't say there was anything wrong with your links. What I said was anyone who doesn't have knowledge they are in fact correct to not paste them in their browser. If youtube is using url's typed http://youtu.be, they've become just as ignorant as Ebay has, there isn't a shred of intellect that could explain the use of ''youtu.be''

Perminate Link for Beware of New eBay Shipping-Label Fraud   Beware of New eBay Shipping-Label Fraud

by: trickstunt This user has validated their user name.

Wed Aug 29 08:37:16 2012

@AgendaSwallowsAll

I guess you must not have tried a regular youtube url then clicked share to reveal the short url?
Or searched shortened youtube url.

From techcrunch-

YouTube Gets Its Own Short URLs. Except They're Still Pretty Long.
Monday, December 21st, 2009
Looks like Google is really going full steam ahead with its shortened URLs. Only a week after the search giant launched its own Goo.gl short URLs, its subsidiary YouTube is launching its own short URL service: youtu.be.
(more)

http://tcrn.ch/ciQECH

Be careful now, because the techcrunch url is also shortened. longurl.org is your friend.

The videos are very revealing. If anyone else out there doesn't understand short urls, just search the titles of them.

Perminate Link for Beware of New eBay Shipping-Label Fraud   Beware of New eBay Shipping-Label Fraud

by: fadedglitter This user has validated their user name.

Wed Aug 29 09:35:23 2012

i always use paypal ship now,you put in the info and there is never a problem!

Perminate Link for Beware of New eBay Shipping-Label Fraud   Beware of New eBay Shipping-Label Fraud

by: notsofast This user has validated their user name.

Wed Aug 29 12:38:57 2012

This just happened to me on Monday!
I am a very cautious person online but they got through anyway.
Ok, here's what I'd like to offer up:
I immediately (while calling Paypal) changed all my passwords.  Even to mail accounts that were not connected to Ebay.
Paypal immediately recoginized the issue and began investigations on all of them. All billing agreements should be stopped immediately!
Now for Ebay.....ugh.
After being on the phone with at least 4 different people over 3 hours I went ballsh*t crazy!  I kept a professional tone but man was it loud!  I demanding to speak to someone in high security or the manager...of the managers!
I got my person within minutes.
Now, for my transactions, each were created within a second or less of eachother. Something I find hard to do as a flesh and blood body. (Suggested by 2nd Ebay CS...how the hell could I have done it!) Secondly, the manager was able to see the IP address and its location of said transactions.  Since I only Ebay from 2 computers it was pretty easy to tell it wasn't me. She immediately changed my password again, and then I changed it after.  She manually began the slow process of issueing refunds/voids for every label created. And, what's even more surprising is she was just as disturbed by it, having never seen something like it before.  Even to the point she mentioned checking her own buyer's account after ending our conversation.
I had asked only one other thing from her....please inform high security of this.
Reason #1- My account does not allow shipping/bidding from anything associated with international.
SO HOW IN THE HELL DID EBAY'S SYSTEM EVEN ALLOW A LABEL TO BE STARTED?
That's a serious glitch on my part.
A call that started at 4:45pm, ended by 8pm and by 10pm all money was returned.
Check your accounts often; change passwords every 2-3 months, yeah we all got that.

But Ebay....please fix this!

Click to view more comments
1 2  [Next Page]


Login is required to post comments.
To sign in to leave a comment, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page
.

Login for AB Verify
Be sure and use your email address and password to log in.

 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.