A Dispatch


November 12, 2005

When Your eBay Account is Stolen

In Spam Wars, I describe a few scenarios of what can happen if you succumb to an eBay phisher and yield your account to a crook. A double-whammy occurs that not only ruins your account, but can also lead to another eBay user being scammed out of some big bucks. Very often there is also a third victim: an eBay seller whose legitimate auction data (description, photos, etc.) get lifted by the phishing crook.

Some such crooks are far more stupid than others, as is the case I noticed today.

I'm a fountain pen junky (fortunately my jones isn't too bad), so I came upon a legitimate eBay auction for a limited edition Mont Blanc pen no longer in production. The auction is still running, but as of this writing, it has been bid up to $1325.00 (if you use a Bic ballpoint, don't ask). As a limited edition pen, it is numbered—so-and-so out of thus-and-such. In this case, the pen on auction is number 0473/4810. The seller provides eight photos, describing the unused pen's condition thusly:


Now that's a description you don't see every day...if ever. The seller takes payment via PayPal, has been an eBay member since 2001, and has a 100 percent feedback score of 591. The auction is a 7-day listing, and both the seller and item are located in the U.S. A check of the seller's recent feedback shows that he has been actively selling a variety of antique items (in fact "antiques" is part of his eBay ID). These and other clues would lead me to trust this offering as being legitimate if I were interested in this item.

Turning up in a search for the same item is another eBay auction with the exact same title. The auction is a 1-day listing, not a very common occurrence on eBay. But get this: The serial number of this second auction is 0473/4810. The description includes the very same bit about the pen's "cellophane sarcophage" (in all caps) and its shop of origin. The eight photos are the same.

The seller for this second auction is different, however. He has been a member since 2002 and has a feedback rating of 47. He is located in Germany, and the pen, oddly enough, is located in China. The auction's currency denomination is in Pounds Sterling (GBP)—get out your atlas to follow this one. Oh, and payment has to be done either by wire transfer or Western Union transfer, the latter being highly recommended to speed the transaction. (Yah!)

I looked into the feedback of the seller shown for the second auction. He hasn't been that active recently, but the two auctions I could check are for a ragtag assortment of low-end general merchandise (apparel and home/garden goods). There are a bunch of one-day auctions currently running, all for limited edition pens.

My best guess is that the owner of the second auction's account fell victim to an eBay phisher's scam, yielding the account user name and password. The crook logged on with that combo, and changed the password so that only he can now run amok with the account. The rest is simple copying of existing legitimate auction descriptions and photos, hoping to catch a bargain shopper with a deal that (really is) too good to be true.

To offer a bogus numbered limited edition item while the real item is still on auction won't catch too many eBay buyers who are really into the category. As I write this, there are about 5 hours left on this crook's 10 auctions, and only a handful have single bids (although a couple of them for over 150GBP). If eBay can't close down these auctions in time (how convenient to do bogus 1-day auctions over a weekend), several folks may get swindled because they're letting greed override sanity. In the meantime, some who see both the legitimate and bogus auctions may call the real ones into question, costing the real seller some higher bids.

The guy who gave up his eBay account has also let the crook gain access to credit card and other personal info. His nightmare is just beginning.

Posted on November 12, 2005 at 04:56 PM