Now Pulled

Well I see ebay already deleted that thread...

Credit Card Number STOLEN, POSSIBLY EMPLOYEE OF EBAY?
abitofinsanity (0 ) View Listings | Report     Mar-10-07 12:57 PST
This morning I get an email from ebay:

Dear eBay user:

As a courtesy and for your safety, eBay notifies you whenever your credit card is used for
certain activities on the site.

Once you have a credit card on file with us and the same card is used again for certain
activities on eBay, we will send this notice to let you know that the credit card has been used.

These activities include using the same credit card to:

* register an eBay account using an anonymous email domain such as Yahoo or Hotmail,
* set up a selling account,
* update the credit card information on another account that uses the same card,
* gain access the Mature Audiences category, or
* place a bid over $15,000.

If you did not use your credit card for any of the above reasons, please confirm with all
members of your household as well as friends or business associates that they have not
recently used your credit card on eBay.

If you are still unable to explain the use of your card, please report the potential unauthorized account activity to us by taking the following steps:

1. Click on the "Help" tab at the top of the eBay Home page.
2. Click on the "Contact Us" link, located on the left side of the Help Center page.
3. Select the relevant topic on the Contact Us page to report the concern to our Trust & Safety team.

** Do not reply to this email as this is a system-generated message **

At first thought, I assumed it was a scam email and I do exactly what was said, to send an email to T&S. I receive a response from ebay a few hours later:


Thank you for writing eBay in regard to the email you received.

We have recently suspended another account registered with your credit
card information. You should not receive any charges from eBay.com as a
result of this unauthorized use of your card.

If you have not already done so, we would highly recommend that you
contact your credit card company to report our findings and dispute any
charges that you have not placed. You may also want to contact your
local authorities to inform them of violations.

Should any of the parties you contact need further information regarding
activities on the site please have them contact us.


Thank you for your time.



The credit card used on the ebay selling account is my husband's and this is the only place we use this number.
We call our bank and they inform us that there is a pending authorization for GAS made today. Guess where that purchase is from? SAN JOSE,CA

We live in VIRGINIA

Now, our selling account has not been compromised, password has not been changed and we still have full access to our account. So how is it that "someone" registered a new ebay account with our credit card number and purchased gasoline in San Jose, Ca with the same credit card? We have the card on us, so it could not have been stolen anywhere.

Is it possible someone who works for ebay is stealing credit card numbers? This makes absolutely NO SENSE to us or our bank. If anyone else can make sense to this, please respond. Or if you received the same email today ( it was sent between 7-730 am EST ), please reply and take the same precautions as we did.
34 replies     Date posted     Reply #
kathyseven (1023 ) View Listings | Report     Mar-10-07 13:16 PST     1 of 34
It's possible someone had a pocket card scanner and used it last time you handed your card over for a meal in a restaurant or other place. With the info from the scan they could make a duplicate card. I read a few years ago that scammers where putting in their own scanners inside gas pumps, on ATM machines etc.
One can't be too careful these days.

Scammers can be anywhere...even in San Jose. They sell the stolen info on black market internet sites for a few dollars per Card.

I doubt it was leaked thru ebay.....if you look in My Ebay, even you can't see the numbers. Only the last 4 digits are showing so you know which card is on file. Employees can't see your numbers.

Beware the button that takes you to a "Log In" page. Check My Messages First!

fenton.smith (105 ) View Listings | Report     Mar-10-07 13:22 PST     2 of 34
Almost anything is possible. Rather than simply cancelling the fraudulent charges, you need to ask your credit card company to cancel that card and issue another one. I also had a credit card in the public domain which was used in an attempt to register an eBay account. In my case, the card was apparently compromised elsewhere. I had several Yahoo charges on it and an attempted AOL charge.

All you can do is to contact eBay security concerning your suspicions. They may be able to look at employees who are privileged to access such information.

Remember the Stanley Milgram research.


kathyseven (1023 ) View Listings | Report     Mar-10-07 13:23 PST     3 of 34
Now, our selling account has not been compromised, password has not been changed

Just read your post again.....you might have a trojan on your PC and that's how the number was breached.
Scammers don't always let a seller know they've gained access to their account. It's getting more common these days for them to lay low and solicit your underbidders with fake second chance offers "right from your account".

You should scan your PC for anything malicious and change ALL Passwords and hint questions AFTER you determine your PC is clean.
Perhaps even change them from a safe secondary PC.

Beware the button that takes you to a "Log In" page. Check My Messages First!

mr_jats (23 ) View Listings | Report     Mar-10-07 13:25 PST     4 of 34
there is a pending authorization for GAS made today.

A pending authorization might indicate an attempt to check your card to see if it works before making the big "buy". You have been compromised and need to contact your credit carrier immediately and have the card blocked, cancelled and or reissued.

There's no realistic way for me to speculate on who may have done this nor can I guess how much of your personal information has been compromised, therefore you should read this information provided by a great board poster named pete and repeat on identity theft and what to do.


ID theft - what to do - from this article:

http://www.msnbc.msn.com/id/5184077/

Step 1: Protect your finances
Contact the fraud departments of each of the three major credit bureaus.
Get a copy of your credit report, which is free to ID theft victims. Ask that your file be flagged with a "fraud alert tag" and a "victim's statement." That will limit the thief's ability to open new credit accounts, as new creditors will call you before granting credit, generally. Insist, in writing, that the fraud alert remain in place for seven years, the maximum, according to PrivacyRights.org.

Credit bureaus

Equifax
1-800-525-6285
www.equifax.com

Experian
1-888-397-3742
www.experian.com

TransUnion
1-800-680-7289
www.tuc.com


Step 2: File a police report
You will need a police report to dispute unauthorized charges and for any insurance claims. Be persistent; your local police department may suggest that this isn't necessary, because they don't want the paperwork hassle. Also, fill out an online ID Theft complaint with the Federal Trade Commission or call 1-877-ID-THEFT.
That enters your case in the FTC's "Consumer Sentinel" database, a nationwide list of ID theft cases which can be used by law enforcement officers to find patterns and catch criminals.

Step 3: Close all compromised accounts
The list may be wider than you realize. This includes accounts with banks, credit card companies and other lenders, and phone companies, utilities, ISPs, and other service providers. Dispute all unauthorized charges - The FTC offers a sample dispute letter on its Web site. Disputes may require a sworn statement and a police report. The FTC also offers a form affidavit which can be used for the sworn statement at www.ftc.gov/bcp/conline/pubs/credit/affidavit.pdf .

More detailed 17-step plan to follow if your ID is stolen: www.privacyrights.org/identity.htm

"When bad things happen to your good name" - FTC document full of sample dispute letters and other recovery procedures: www.ftc.gov/bcp/conline/pubs/credit/idtheft.htm

U.S. Department of Justice ID Theft kit: www.usdoj.gov/criminal/fraud/idtheft.html

Identity Theft Resource Center: www.idtheftcenter.org

ID theft laws vary by state - here's a list of state laws: www.consumer.gov/idtheft/federallaws.html#statelaws

Michigan State University School of Criminal Justice ID Theft page: www.cj.msu.edu/~outreach/identity

fenton.smith (105 ) View Listings | Report     Mar-10-07 13:26 PST     5 of 34
Note that many credit cards are compromised by trash can searchers. If you ever throw a credit card statement into the trash, you are vulnerable. People steal credit card information for a living and sell it on the web.

Remember the Stanley Milgram research.


kathyseven (1023 ) View Listings | Report     Mar-10-07 13:30 PST     6 of 34
There's similar info on ebay's site under the Security Center link at the bottom of most ebay pages.

http://pages.ebay.com/securitycenter/?ssPageName=f:f:US

This is the link dealing with identity theft.

http://pages.ebay.com/securitycenter/deterring_identity_theft.html

Beware the button that takes you to a "Log In" page. Check My Messages First!

just-a-venue (76 ) View Listings | Report     Mar-10-07 15:39 PST     7 of 34
If you started a new ID and used the same credit card you will get on of those.

JAV


It's all about the money.




stiner77 (8 ) View Listings | Report     Mar-10-07 15:45 PST     8 of 34
CANCELL MY ACCOUNT WITH PAY PALL.NOW.MR DURDON

stiner77 (8 ) View Listings | Report     Mar-10-07 15:46 PST     9 of 34
CANCELL MY ACCOUNT WITH PAYPALL NOW.MR DURDON

mr_jats (23 ) View Listings | Report     Mar-10-07 15:49 PST     10 of 34
CANCELL MY ACCOUNT WITH PAY PALL.NOW.MR DURDON


I don't think Mr Durdon hangs around here too much at least I've never met him. Why don't you go to the Paypal website and close your account yourself? Prolly be a more effective method IMO.

just-a-venue (76 ) View Listings | Report     Mar-10-07 16:18 PST     11 of 34
http://pages.ebay.com/help/account/closing-account.html#permanently

JAV


It's all about the money.




just-a-venue (76 ) View Listings | Report     Mar-10-07 16:18 PST     12 of 34
http://pages.ebay.com/help/account/closing-account.html#paypal

JAV


It's all about the money.




abitofinsanity (0 ) View Listings | Report     Mar-10-07 16:37 PST     13 of 34
Well, we never use the credit card when we go out because it doesn't scan. It hasn't since the day we got it, so we use mine when we go places. The only time we use it is to pay our ebay bill every month. We don't get paper statements from our bank so they couldn't have gotten it from the trash. I have numerous firewalls, windows defender, etc etc installed on my pc. We don't use the number anywhere on any website except ebay.

There will be an investigation. We are United States military and the card they stole was issued by Navy Federal. They cancelled the card already and they are issuing a fraud report and obtaining documents from ebay. We will prosecute for theft and I'm sure the bank will as well.

I'm trying to warn other people about this in case some have received the same email as we did this morning. We found it fishy that ebay doesn't show the entire card number, just the last 4 digits but when we spoke to the bank and they informed us that a gas purchase was made today from a BP station in San Jose, Ca, that threw up a red flag. Especially when ebay is in San Jose and its across the country from where we live.

jaysales (2631 ) View Listings | Report     Mar-10-07 16:44 PST     14 of 34
Ebay does not address you as "ebay user", they call you by your id. Send the email to spoof@ebay.com with the headers.

I believe the whole thing is a fake email. I could be wrong, but if it's fake, a reply to it would go right back to the scammers.


If you think the average person is stupid,
just remember that 50% of the population
is dumber than that.

just_another_tequila_sunrise (14 ) View Listings | Report     Mar-10-07 16:45 PST     15 of 34
We found it fishy that ebay doesn't show the entire card number, just the last 4 digits

This is a security issue. Ebay is right to only include the last 4 digits. Email is insecure and it would be foolhardy of them to include the entire card number in an email.


Regardless of how many security features you use on your computer, you are advised to run some scans to ensure that your computer is clear of any and all malware. The presence of malware on your computer could be the way that your number was compromised.


It is possible that your card number being used in San Jose is merely a coincidence. That area of CA is quite heavily populated and NOT everyone who is in San Jose works for Ebay or Paypal.

Image hosting by Photobucket Valley Girl Extraordinaire


fenton.smith (105 ) View Listings | Report     Mar-10-07 16:57 PST     16 of 34
I had noted the run together words in that email, but assumed (you know the saying) that it occurred when the OP copied it into the topic.

Even if you don't use your credit card elsewhere, the banks and many other institutions are constantly supplying information to the credit reporting services and other information gatherers. Some of the transfers are breached and sometimes the security of the reporting services and information gatherers is violated. There is no way to determine where such information may have gotten away.

I find it difficult to believe that a gas station accepted a charge without the person having the card in hand. Normally, fraudulent charges are placed online rather than at retail establishments - especially when only the credit card information was stolen and not the actual card. Check your credit report and the bank. See if someone requested a new card on your account.

Remember the Stanley Milgram research.


tunatofu (1226 ) View Listings | Report     Mar-10-07 17:02 PST     17 of 34
Is it possible that the CORPORATE HEADQUARTERS of a local store/company you dealt with is located in California? After all, I have credit card charges for my Ebay bill from San Jose and I certainly have never been there in person...

just_another_tequila_sunrise (14 ) View Listings | Report     Mar-10-07 17:04 PST     18 of 34
Ebay does not address you as "ebay user", they call you by your id.

Actually, they do address you as "eBay user". Here is the text of the email I received in January after I DID add my CC to another eBay account.

Dear eBay user:

As a courtesy and for your safety, eBay notifies you whenever your credit card is used for
certain activities on the site.

Once you have a credit card on file with us and the same card is used again for certain
activities on eBay, we will send this notice to let you know that the credit card has been used.

These activities include using the same credit card to:

* register an eBay account using an anonymous email domain such as Yahoo or Hotmail,
* set up a selling account,
* update the credit card information on another account that uses the same card,
* gain access the Mature Audiences category, or
* place a bid over $15,000.

If you did not use your credit card for any of the above reasons, please confirm with all
members of your household as well as friends or business associates that they have not
recently used your credit card on eBay.

If you are still unable to explain the use of your card, please report the potential unauthorized account activity to us by taking the following steps:

1. Click on the "Help" tab at the top of the eBay Home page.
2. Click on the "Contact Us" link, located on the left side of the Help Center page.
3. Select the relevant topic on the Contact Us page to report the concern to our Trust & Safety team.

** Do not reply to this email as this is a system-generated message **

eBay Safety Tip:

Some community members have reported receiving deceptive emails claiming to come from eBay, PayPal, or other popular Web sites. The people who send these emails (also known as "spoof" or "phishing" emails) hope that unsuspecting recipients will reply or click on a link contained in the email and then provide sensitive personal information.

You can take a few simple steps to protect your account and prevent senders of deceptive emails from doing harm:
* If you need to update your personal or financial information on eBay, type the eBay Web address into your browser or use a bookmarked link.
* Use My eBay or the Site Map to find pages on eBay, rather than relying on links from emails.
* Report suspicious email immediately by forwarding it to spoof@ebay.com.
eBay's Help system provides detailed information about spoof emails, identity theft, and what to do if your eBay account has been compromised.


Image hosting by Photobucket Valley Girl Extraordinaire


just_another_tequila_sunrise (14 ) View Listings | Report     Mar-10-07 17:16 PST     19 of 34
Also NOTE that neither email (OPs or Mine) contains a link to log in. They tell you how to contact Ebay from the Ebay Home Page.

And they tell you NOT to reply to the email that sent them.


It sounds like Ebay flagged, and correctly, a possible misuse of the credit card belonging to the OP, sent the appropriate email to the OP, and also an appropriate follow-up from T&S regarding the misuse of their CC.


Now the OP has another issue in that someone has made a charge on their card for Gas in San Jose.


It is entirely possible that your card has been cloned, OP. The person using your number in SJ, may well have a card with your number on it. There are organized groups who do this type of crime on a regular basis. We see in the news, the authorities closing these operations down from time to time. The criminals have all the equipment to do this and make the cards look and work just like the ones that come from the Card Issuers.

One thing I find troubling is that your card does not scan. This is a red flag in itself. Why have you not reported this and requested a new card from your issuer?

Image hosting by Photobucket Valley Girl Extraordinaire


wallyh (697 ) View Listings | Report     Mar-10-07 17:28 PST     20 of 34
GOOD GRIEF...............

a (0) FEEDBACK SELLER/BUYER GETS SO MUCH INFO.

DUMB..

MY TWO PENNIES, WALLY :)

fenton.smith (105 ) View Listings | Report     Mar-10-07 17:32 PST     21 of 34
You still haven't heard of posting IDs?

Remember the Stanley Milgram research.


just_another_tequila_sunrise (14 ) View Listings | Report     Mar-10-07 17:33 PST     22 of 34
Good Grief ...

Could it be the OP is using a posting id?


:|

Image hosting by Photobucket Valley Girl Extraordinaire


dimesy1 (0 ) View Listings | Report     Mar-10-07 17:37 PST     23 of 34
This is how someone in San Jose can swipe "your" card at a gas pump, while your "other" card (the real one) is in your wallet in Virginia.

jaysales (2631 ) View Listings | Report     Mar-10-07 17:59 PST     24 of 34
Ebay does not address you as "ebay user", they call you by your id.

Sigh...they used to tell you that they would always address you by your id. Guess that changed:(


If you think the average person is stupid,
just remember that 50% of the population
is dumber than that.

profdata (672 ) View Listings | Report     Mar-10-07 19:05 PST     25 of 34
Card skimmers, the thieves are so bold that they even attach them to bank ATM machines. The card user never even know it was skimmed

You insert your bankcard, the skimmer reads it, and then continues sending the card to the atm.

You get your cash, and then your card back.

A few hour later the scammer shows up and removes the "skimming box"


dimesy1 (0 ) View Listings | Report     Mar-10-07 19:21 PST     26 of 34
Since the OP doesn't use the card for anything other than eBay and doesn't get paper statements, and yet a physical clone must exist since it was swiped at a gas pump...

there must be some variation of carding that works with only the card number and doesn't need to access the magnetic strip data in order to create a usable counterfeit. Great.

abit, please keep us posted of what you find out from the Navy's investigation.

arnoldtrading (38 ) View Listings | Report     Mar-10-07 19:51 PST     27 of 34
The fact is that most eBay/PayPal employees do not have access to your credit card number. Most can only see the last four numbers, much like you do.

humptysrevenge (Private ) View Listings | Report     Mar-10-07 19:54 PST     28 of 34
abit, please keep us posted of what you find out from the Navy's investigation.


The Navy is not going to investigate. NFCU is a credit union established for the use of qualified US military. There is nothing secret squirrel about it.

kathyseven (1023 ) View Listings | Report     Mar-10-07 21:21 PST     29 of 34
So then they must have a rogue employee at this "credit union". Wouldn't be the first time a bank employee was doing the scamming "from the inside".
That's where they need to start the investigating.

Beware the button that takes you to a "Log In" page. Check My Messages First!

redarrowsoldiermom (0 ) View Listings | Report     Mar-10-07 22:31 PST     30 of 34
Yes it could also be a rogue employee at ebay/Paypal as they are a big enough company to have a few of their own.

kathyseven (1023 ) View Listings | Report     Mar-10-07 23:13 PST     31 of 34
redarrow,

All sensitive info is encrypted. Ebay/Paypal Employees don't have access to it. Your bank teller has more info about your accounts than ebay/paypal employees do.

The average internet user doesn't understand how dangerous the net is these days. They get too comfortable and think nobody is interested in them or their info.

Beware the button that takes you to a "Log In" page. Check My Messages First!

fritz116 (179 ) View Listings | Report     Mar-10-07 23:20 PST     32 of 34
Given the events of the last (few) weeks... Be safe, rather than sorry, & contact your CC company.

Take whatever precautions you can.

Run a Credit Check report (there are free 1nes out there), to make sure your OTHER info - SS, Driver's, etc wasn't compromised, & somebody didn't get a fake ID in your name, take your history, buy a house, etc...


The only 1 who can cover your bases is you.
Porki/Fritz



Jesus is a VERO member.

posting.nightmare (0 ) View Listings | Report     Mar-11-07 06:28 PDT     33 of 34
I beg to differ that there aren't any bad eBay employees that can get CC info and sell it.

I get eBay/PP spoofs all the time. BUT the 1 and ONLY time I got a spoof telling me to renew my CC info at eBay WAS the same week that my card expired. Now HOW did some one know when my card expired if someone isn't selling that info. BTW, that was my PP debit card too.

fenton.smith (105 ) View Listings | Report     Mar-11-07 07:10 PDT     34 of 34
Perhaps that eBay spoof wasn't a spoof. The automated processes at spoof@eBay.com and spoof@PayPal.com have been known to make mistakes when submittal instructions aren't followed to the letter. Even when they are properly followed, the processes have been known to make mistakes. Did it contain your credit card number or just the expiration date and last four digits of the number. You have no evidence that whomever sent you that email had sufficient information to do anything with your account. Assuming that it was a real phishing email, it is clear that the scam artist wanted information that they couldn't get any other way. If they really had access to your credit card info inside eBay, please explain why they didn't wait for you to renew and then steal it. Seems to me that that would have been a far smarter approach.

Remember the Stanley Milgram research.


Page 1 of 1