HACKER USED MY EBAY ACCOUNT TO SHIP EXPRESS MAIL LABELS

budnonymous · Top Poster

HACKER USED MY EBAY ACCOUNT TO SHIP EXPRESS MAIL LABELS

budnonymous · Top Poster

Here the victim (link above) from the auctionbytes letters to the editor chimes in.

Notice they relate that the only way they got resolution was by having auctionbytes contact ebay for them. Other than that, the policy was "blame the victim". They should have made sure to tell the authorities the only way it got fixed was to make a public embarrassment for ebaY.

Uploaded with ImageShack.us

Is that how the mob operates too? Does that seem corrupt? To have a set of rules and procedures they can either follow or not follow, but to really do anything you always need that "inside connection"?

Anyone else complaining to authorities should be sure to mention ebaY's peculiar selective customer service policy application procedure; ie nothing gets rectified without insider connections.

Two people with the exact same situation get different and incongruous levels/results of service depending on how the complaint was received. People complaining through "normal" or "official" channels /procedures get shafted.

What about all the people who don't have any such insider connections or ever heard of whatever website owner to relay requests?

At any rate it sure isn't the type of "customer service", security or peace of mind to get warm & cheery over.

-- Edited by budnonymous on Thursday 13th of September 2012 12:00:23 AM

budnonymous · Top Poster

The victims are showing up more and more. Undoubtedly there are others whom don't know yet, those who never heard of the ebay forums etc. Ebay is completely quiet. No announcements. no explanations, no nothing. Maybe because when word gets out they'll go down like a cheap tart? They must figure they can keep it all quite by settling each and every case "quietly" through unscrupulous, rigged and crooked end run methods.

Once again, the entire thread makes for some curious reading. The finer details show that the victims don't even need to have ever sold a thing or signed up for ebay/paypal shipping

Re: Fraudulent Shipping Label Charges

Sep 26, 2012 01:51 PM

I just had this happen to me this morning. I called eBay and spoke to someone who said there was one specialist who's handling all of this. She was going to transfer me to him and bring PayPal on the line and then she just cold transferred me to paypal without giving me any details, a case number or anything.

Very disappointing.

I looked at my Third Party Authorizations and I have none listed. My eBay password and PayPal passwords are unique and very secure. I have not been subject to phishing. I work in IT and tech support.

Luckily, a family member runs an ebay business and has escalated this to his contacts. I will update when I hear more.

and this:

Sep 26, 2012 03:02 PM

On Sept 14, someone hacked my eBay account and set up a fake listing for a portable DVD player at around 1:55 am. A buyer purchased the item a short time later in Moscow, Russia. The listing was renewed several times and sold to the same buyer each time. I then received email notices of 42 shipping label charges, ranging from $59 to $216 each. The total for the shipping charges was almost $6,000! This was all billed to my PayPal account, which was linked to my bank checking account. PayPal saw the shipping charges as legitimate eBay shipping, and authorized the money to be sent to several recipients with legitimate sounding email addresses.

Fortunately I discovered the fraud a few hours later and notified eBay, PayPal, and my bank about the scam. They assured me that I would be reimbursed for any losses. I also closed the bank checking account immediately to prevent any actual funds from going to the fake eBay shippers. I did manage to stop the ACH transfer attempts from PayPal before any of my personal money was lost. In addition to changing all my passwords, eBay removed the PayPal shipping authorization which allowed labels to be created without a PayPal login. I also removed all third party authorizations and have ordered a security key to authenticate both eBay and PayPal logins. A few days later, PayPal reversed all shipping charges to clear the large balance due on my account.

What I find interesting is that despite my attempts to void all shipping labels from within eBay, and no actual payment of funds from me, the USPS tracking status shows packages in various states of delivery. Packages have been dropped off in various cities in states such as TX, NJ, NY, and they are being sent to Russia and Moldova. Who is funding these shipments, if not me? I assume the shipping addresses are being altered so as not to be traceable, although delivery confirmation is indicated. There seems to be no clear way to stop these shipments, once the process is initiated.

--------------------------------------------------------------------

If I had to guess, I would say they hackers are getting in via some type of cookie stealing through the long uncorrected xss flaws, or even cookie "making" via BEAST or possibly CSFR cross site forgey request, session hijacking, really any number of ways. This is one instance where I do not think they need anyone's password, nor is phishing the vector. Looks like pure hacking. Think about it... If you know where to look you'll find various new ebay/paypal scripting exploit snippets daily.

Oh yeh, one more thing in case it's not obvious. This looks like Russian hackers at work. You may want to do a litlle research. They can put some serious hurting on whatever/whoever they want, and it's a whole different attitude by them than other hacker/scammers you may have heard of. In short, ebay isn't safe, paypal isn't safe, and even less so that they're burying their head in the sand, covering their eyes, buttoning their lips, and only having secret back door customer service arrangements.

budnonymous · Top Poster

More of the same, piled higher and deeper...

ecommercebytes

Fri Sept 28 2012 17:17:01

Yet Another Case of eBay Shipping-Label Fraud

Now this from the same thread on ebat trust & saftey forum:

Re: Fraudulent Shipping Label Charges

Sep 30, 2012 04:58 PM

The same thing happened to me on Friday Sept 28, 2012. Ebay Shipping Inc completely depleted my bank account that funded my Paypal that pays for the bogus shipping label charges.

I spent the whole day yesterday trying to resolve this with Ebay, Paypal and my bank but got nowhere.

The people I talked to at Ebay and Paypal didn't give me much confidence at all. They seemed to be very ignorant. Worse is, they spoke with such heavy accents I had a hard time understanding their English. They asked me the same question a dozen times, "What is wrong about the shipping charges?" They didn't seem to understand how Ebay works and and they didn't even know how to nevigate Ebay. And these same pepole told me they would investigate, that was the scary part. I have no faith in them whatsoever.

I am very sure this whole thing is due to Ebay's server being hacked. It's not going to go away even if we change passwords. The hackers had found their way into Ebay's system and have access to create fake listings and fake bids to create a sale event that allows them to manipulate Ebay's shipping charges mechanism.

Meanwhile, my money has all gone. It's very frustrating. I will see how long it will take before I get my money back.

I advise all of you to never use debit card to fund your Paypal account. Use a credit card instead. With credit card, you can dispute the charges easily and have it reverse faster. But with debit card, all the money in your bank account will be gone like mine and you can't even stop payment and just watch them go in real time. If you use a debit card to fund it, cancel that debit card. I cancelled mine so now my Paypal is only linked to a cancelled card and nothing else.

Fraudulent Shipping Label Charges__20120930_640c.png

...Best thing you can possibly do is close your ebay and paypal accounts, make sure they cannot access your funds in any way.

Spread the word people's lives are being turned upside down, inside out, that sleazeybay knows, but does not care abut you or whatever troubles they caused by running a hacked site with lackwit, crooked customer service and criminally rigged terms of service.

Face it, as log as the issue is contained at auctionbytes and the community forums they just plain don't care. What they don't want is any exposure or noise about their ramshackle site being hacked, where they can't control it or too many people see it.

Bear in mind the new terms of service coming up. After that change, you will have absolutely no recourse against this type of thing or whatever else comes along.

-- Edited by budnonymous on Wednesday 4th of December 2013 10:37:41 AM

budnonymous · Top Poster

I'm beginning to wonder if this isn't some sneaky way for sleazebaY to glom onto a few quick and dirty dollars from interest or something? Maybe they (eBafia) made a deal with the Red Mafia? Don't laugh. These ebaY folks are crooks! We all know it. Nothing is out of the realm of possibilty, as sleazebaY has decided to remain conspicuously silent on this issue. How many times, and via how many ways have they already fed the users to the wolves?

People victimized should take note how fast they act when things get featured on nationwide news TV shows.

Oh, btw, if you use twitter to tweet this type of thing, check by a realtime search after you do so. The tweets are being suppressed. They don't even show up besides on your own profile page.

latest nightmare horror:

Hacker on the loose! India CS Nightmare

Oct 1, 2012 12:06 PM

Five days ago I received 12 emails confirming over $1000 worth of international express postage I had purchased within 10 minutes for listings on my seller account.

However, I did not purchase over $1000 worth of international postage nor did I post the listings that were listed and sold for a fraction of the cost of the same titled listing that I do regularly post.

That's when the nightmare began.

I called Paypal customer support. They answered quickly and but told me the $ would be put back in 5 to 10 business days after the cases were checked by their security dept. I explained to them that that wouldn't work because I had an order in for supplies using the debit card on that account that would be billed the next day and I could not wait 2 weeks to get the money back. They actually listened to me and put the $ back within 15 minutes.

Then they put me through to ebay CS. After a 15 minute wait I was in India with a horrible phone connection speaking to someone I could not understand. She kept referring to contacting my sellers and explaining the situation. I kept telling her I didn't have sellers involved in this situation, that I was the seller and I had been hacked. After 15 minutes of this I asked for a supervisor. She said one would call me within a 1/2 hour.

Over 2 hours later an Indian supervisor called back and I was finally credited back for the "sales" but I didn't trust them to void all those shipping labels and did it myself. She sent me a link to update my password and I did.

Four days went by and things were back to normal. Then this morning I tried to relist an item and wasn't able to log in. My password was not accepted. I had also received an email that my Auctiva token was invalid again as it was 5 days ago. So I called Ebay CS. Someone was hacking in to my account again.

The first CS rep answered within a minute, then told me I needed to speak to another dept. He put me on hold and after waiting for over 15 minutes and thinking about all the new charges that must be happening again on my paypal account, I hung up and called ebay CS again.

The first rep answered in less than 1 minute again (a US CS rep like the first time) apologized that it took so long to talk to the correct dept about the hack job and told me there was nothing he could do about it and I would just have to wait on hold until the correct dept could take my call.

I waited another 15 minutes again and worried about all the charges (again) that could be going on my paypal account. Finally I was in India again with a terrible connection speaking to someone who didn't get it and I could not understand every other word out of her mouth!

She asked me if I had listed a (title left out) which is of course an item that I do list regularly, but since I could not log into my account I did not know if it WAS one I had listed or a fake one from the hacker again. I tried to explain to her that there was no way I would know because I could not look at it because, as she knew, I could not lof into my account to see it. I asked her what the price was, when she said $5 I knew it was not something I had listed (again).

As before she sent a link to change my password again before taking me on a wild goose chase looking at and discussing things that had no relevance to the issue. Finally she said she would escalate my problems to the next level of security and I would receive an email in 24-48 hours.

I'm leaving out many many absurd ridiculous and frustrating parts of the phone calls with the India CS reps, but going through them again would give me a migraine.

I have no idea why this is happeneing, but the rep told me that there are many other sellers that this is happening to.

So be careful. If I find out how this happened, I'll let you know. I am extremely careful about clicking on links and phishing emails, so I am at a loss why it's happening to me.

budnonymous · Top Poster

And the victims continue to roll in... both here and on the above linked thread as well. Lo$$es in the thousands... ebaY quite conspicuously silent...

PAYPAL SAFEST WAY TO PAY?NOT FOR ME!

Oct 10, 2012 09:41 PM

Thought paypal was the most secure way to pay,come to find out someone had hacked my paypal account and created 2 shipping labels under my account!So paypal was trying to charge my bank account 21 times in one day and another 20 times the next.Luckily didnt have money in that account so everytime I was charged with insuficient fund charges which totaled like 500 + at my bank and 700+ on my paypal account! It took me close to two months to resolve the issue with my bank and paypal.All the trips and phone calls I ended up losing time and money! So I just stay away never have reinstated my account again!Thanks paypal :(

Uploaded with ImageShack.us

Paypal and ebaY are as shady and unsafe as it gets. And don't forget about the new ToS for both of them... Think things are bad now? Just wait... You know they're going to stick it to you hard when that/those kick in.

budnonymous · Top Poster

To top it all off, it looks like ebay just secretly, by "default", linked everyone's bank accounts to their paypal without their prior knowledge and/or expressed consent for some new Turbo Checkout!

I can't tell you how unsafe that is given the known cookie handling flaws and other exploits (both known and unknown/"in the wild"). Do whatever you need to to make sure your bank account is always unlinked and/or cannot be drawn from by paypal, and always, always use a credit card only if you must use paypal!

Oct 15, 2012 08:42 AM

Thankfully everyone got a refund - but I hate to say - this will CONTINUE to be a problem.

I bought multiple items today and requested an invoice - to my surprise on the invoice - EBAY had a Direct link through to paypal on the invoice (I did not authorize that one - I don't even have automatic payment connected)...

BUT since my paypal account was kep empty - the link showed the total amount would be automatically deducted from my BANK ACCOUNT! WHAT????

Lucky there was a LINK in the invoice to "REMOVE" this connect so....SO I WOULD HAVE TO LOG INTO MY PAYPAL ACCOUNT EACH TIME I BOUGHT AN ITEM - LIKE I HAVE ALWAYS DONE IN THE PAST....

And members here are getting screwed daily with false labels if Ebay has TAKEN The LIBERTY of CONNECTING EVERYONE'S BANK ACCOUNT TO THEIR SITE WITHOUT a MEMBER"S AUTHORIZATION and/or APPROVAL - THIS IS INSANE!!!!!!!!!!

Uploaded with ImageShack.us

-- Edited by budnonymous on Wednesday 17th of October 2012 01:59:26 AM

budnonymous · Top Poster

more of the same... victims being gouged for $thousand. Ebay and PP silent. What a cluster!

Oct 14, 2012 04:08 PM

its very frustrating that this is going on, In my case there were about 8 listings created, and they were bought immediately with buy it now. Buyers accounts were also hacked to bid on these fake listings. I had 32 labels printed off these fraudulent listings all to going to RUSSIA which overdrew my bank account $4000. I contacted the bank immediately . My bank was great. They closed and re-opened a new account for me, I had my original balance in my new bank account the following day. I contacted paypal as well and they opened claims on each one. All claims paid back within 2 days. My boyfriend had the same thing happen to him 2 months ago. In that case since we noticed the labels within 30 mins , we printed tracking numbers and took them straight to the post office. out of 22 packages 10 were held at customs. Apparently something needs to be done. I was told by Ebay that its a trend now. ..... I think the post office is on the losing end because in the long run they are delivering these packages for free. I suggest contacting paypal. they seem more helpful. If ebay is telling you to wait 48 hours it will give the packages time to be delivered.

Uploaded with ImageShack.us

budnonymous · Top Poster

budnonymous · Top Poster

Victims continue to surface, both in the above linked threads and more...

The stories along with the official silence reveal a lot about sleazebay ineptitude.

Delete your bank accounts if you don't want in my mess.

Oct 31, 2012 09:14 PM

Been fighting paypal for 3 weeks all started right here on ebay I sold some stone pipes over the past few months the a guy from another country hacked the ebay system and made it appear he was the buyer of all my items he then somehow charged me a bunch of shipping labels at 159.00 a label charged me 4 grand worth to my paypal which withdrawed from my bank,this was all 2 weeks ago my bank shut them off at 4,000 dollars because they got suspicious I called ebay mad as a hornet guess what they said they said nothing they changed the subject and was looking for ways to link my account to a suspended account i just got frauded out of 4 grand and they are going to try to link me to a suspended account?So I call paypal they and they claim they are going to take care of it they open up a case and i win it my account was frauded and it was their fault but guess what 2 days after i won the case they open it back up and my account is negative 369.00 and these idiots have the nerve to ask me to put another bank account on their site.It will be a could day in hell before i do that.I will never sell on this site ever again nor will i give paypal any of my banking info.You think this story is a joke think again.You better start removing your banking info.

Uploaded with ImageShack.us

budnonymous · Top Poster

And more.... note the details... LoLz!

Re: Fraudulent Shipping Label Charges

Nov 1, 2012 03:58 PM

hack, manipulation, whatever you want to call it.... I know this: the crook was in eBay as ME, cloned one of my auctions, and then used another "hacked/manipulated" eBay account to Buy It Now.

Coincidentally, yesterday, my wife's eBay account was hacked/manipulated. Not as a seller, but as a shill buyer. She "won" five auctions for a total of $488. I can say with dead moral certainty that she has not logged into that eBay account for months.

I am a database developer by trade. Nobody "guessed" my password or my wife's password. eBay must be freaked out. Frankly, this looks like an inside job to me.

I hate the inconvenience, but I am going to leave eBay and PayPal unlinked. That means signing into PayPal to pay for EVERY label. Fine.

Uploaded with ImageShack.us

-- Edited by budnonymous on Thursday 1st of November 2012 07:31:17 PM

budnonymous · Top Poster

No end in sight, despite ebay/paypal and the usps apparently having changed the countries which labels can be printed for. And again, note the person states they never even listed or sold an item on ebaY.

That is what is called hacked! No two ways about it.

Fraudulent Shipping Label Charges

Nov 6, 2012 02:25 PM

Same thing happened to me. 5 transactions for shipping to Russia for an item I never sold or listed... Disputed the transactions. Crossing my fingers.

Uploaded with ImageShack.us

budnonymous · Top Poster

More of the same, no end in sight

Re: Fraudulent Shipping Label Charges

Nov 23, 2012 05:16 PM

Just had this happen to me. $2000 worth of labels in 45min. I was on the phone with Paypal watching it happen. I have my fingers crossed that it gets fixed quickly as Cyber Monday is just around the corner.

Uploaded with ImageShack.us

budnonymous · Top Poster

The longer this goes on and the more accounts are hacked, the more it looks as though ebay/paypal has some verrry serious security issues ongoing. Again, note the details of the post content. Underlined emphasis mine.

Re: Fraudulent Shipping Label Charges

Nov 28, 2012 01:27 PM

Just happened to me. Somebody got into my seller accnt, sold something to a dummy account, and printed out 2 labels total 352$ of labels going to sweden. Fortunately i was right at my computer to get the email notices, i called paypal and while they were reversing the charges another label charge came through! The paypal lady said they were coming from ebay; she immediately and permanently blocked any transfer activity from ebay, and i changed all my passwords. I then called ebay and they found the fraudulent sale and the ship charges, they cancelled the labels and cancelled the auction so i wouldnt get charged sell fees.

I see all of the fraud charges have been reversed from my paypal. Fortunately i caught it before my bank account was overdrawn so I saved all that hassle. All is back as it should be.

So if this happened to you, this is what you do:

1. Immediately change your ebay password.

2. call up paypal, get the charges reversed, and block the auto ebay transfer link.

3. you can try to void the labels in ebay but not neccessary if you did step 2.

4. call up ebay, report the fraud, and have them cancel the fraudulent sale.

5. If your bank account was overdrafted from paypal, you will need to contact them as well.

Finally, I am a computer engineer and there is no way I would have given out my password by phishing. Only my ebay account was hacked. This looks and smells like an inside job, an employee selling user passwords.

Uploaded with ImageShack.us

Can you really trust this outfit? Consider the recent changes to the user agreements and all which may ooze from that cesspool of rancid possibilities.

-- Edited by budnonymous on Wednesday 28th of November 2012 08:22:40 PM

budnonymous · Top Poster

I see that the shipping label hacking is still ongoing. Read the post. Major ebay/paypal fail! How can anyone trust these clowns? Hilarious.

Account hacked - shipping labels created

Mar 6, 2013 04:34 AM

I could not find this on the board so I thought I would share.

Last night I received an email that an item sold - however - it was not an auction that I created. The buyer paid right away - then I received a notice that a shipping label was created (for $58.25) - I immediately called ebay. I explained to the heavily accented person what happened and asked them to freeze my account IMMEDIATELY - they gave me a bunch of gibber jabber about creating a ticket and such - I again requested a hold be put on my account IMMEDIATELY - while arguing with the rep - 3 items were created and sold and 15 shipping labels for the same amount were created - if the moron froze my account immediately - 14 of the shipping labels could have been prevented. Now my PayPal account is in the negative for $873.75. 2.5 hours later this was stopped - ebay had me void 15 labels (one at a time) then eventually connected me to PayPal to file 15 unauthorized transactions - what fun. I had to laugh when PayPal told me that I have to refund the buyer of the 3 fake auctions.

I have googled this problem and I am not the only one - it has been going on for quite some time. I would like to know how someone can print 5 labels for $58.25 each for the SAME auction going to the SAME person - shouldn't this raise a red flag? I would like to know why they can't freeze my account IMMEDIATELY upon my request - this could have possibly saved me $815.50.

Sorry for rambling - I am just really pissed off about this. It will take PayPal appox. 14 business days to investigate and then refund my money - and I am extremely concerned about the shipping labels - I am sure they printed them immediately and will try to use them - this will A: come back to me owing money and B: what they heck are they shipping that could also come back to haunt me???

Account hacked - shipping labels created_20130306_640.png