March 16, 2008

eBay Seller Hijackings continue

Filed under: Hijacked Sellers, eBay Security — admin @ 5:43 am

While eBay refuses to secure its own site, professional hackers continue posting XSS Flash auctions that extract your eBay login and password directly on the eBay site if your browser has Flash and JavaScript enabled. So once your login and password get into the hands of professional hackers, what happens next?

If you have selling enabled on your eBay account, the hacker will log in as you and post a bunch of fake auctions, asking unsuspecting buyers to contact him at a gmail/hotmail/aol/msn or other free disposable email address. Those auctions will be for expensive high-end items that normally sell for a high dollar value, and the scammer will offer them for about 30% of the going rate.

Here is an example of such a hijacked seller account auction, with all the telltale signs that the poor eBayer has been phished: instead of book listings you now see the scammer's repertoire of high-end items, asking you to email him at his gmail address so you can have those items for only $1000… Let's take a look at this scam auction on a hijacked seller account: an Apple MacBook Pro listed in the Books/Antiquarian category on eBay, on a hijacked / phished PowerSeller account from Germany.

There are currently 83 fake scam auctions listed on this hijacked seller account on eBay. See the hijacked seller's auctions posted by the hacker on this hacked eBay account: ebay-seller-ensabel-antiquarian-collectible-dvd-hd-dvd-blu-ray-items-on-ebay.gif

Once buyers contact the scammer at his gmail address, the scammer will tell them some story about why he is giving away the expensive item at such a low price (divorce, tuition, a cousin who works at the factory…) and will ask the victim for their eBay login name, full name and address so he can prepare a fake eBay invoice. He emails this fake invoice with eBay logos, pretending it came directly from eBay, recommending a wire transfer cash payment to Romania or Spain or the UK as a safe method and assuring a satisfaction guarantee and free shipping. If the buyer/victim wires the money, they will never hear from the scammer again.

By this time the hijacked seller has already discovered that his account login and password have been compromised and reported it to eBay, and eBay will remove the auction (check it out: if you try to access the eBay listing for the auction we have provided a screenshot of, you will find that it was removed). This makes it impossible for a victim to document to law enforcement that such an auction even existed, or that the auction was on a credible eBay seller account with good feedback. eBay will then pretend this scam never happened on its site. If the victim who wired the money comes seeking assistance from eBay, eBay will not offer any, as there was no auction, and the instructions the victim received, although they looked like an official eBay invoice with eBay payment instructions, were just a fake invoice cleverly constructed to look like eBay sent it.
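The telltale signs described in this post (a free-mail contact address in the listing, a price around 30% of the going rate, high-end items on an account that normally sells books, and a sudden burst of listings) can be checked mechanically. The following is an added example, not code from the original post; the record layout, field names, thresholds and sample data are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Free-mail providers named in the post (not an exhaustive list).
FREEMAIL = re.compile(r"[\w.+-]+@(?:gmail|hotmail|aol|msn)\.\w+", re.I)

@dataclass
class Listing:                 # hypothetical record layout
    title: str
    description: str
    price: float
    going_rate: float          # typical market price, assumed known

@dataclass
class SellerProfile:           # hypothetical summary of the seller's past activity
    median_price: float
    usual_daily_listings: int

def listing_signals(listing, profile):
    """Return the telltale signs from the post that one listing shows."""
    signals = []
    if FREEMAIL.search(listing.description):
        signals.append("free-mail contact")
    # The post cites about 30% of the going rate; 40% is an assumed cutoff.
    if listing.going_rate > 0 and listing.price <= 0.4 * listing.going_rate:
        signals.append("underpriced")
    # High-end item on an account that normally sells cheap goods (assumed 10x).
    if listing.going_rate >= 10 * profile.median_price:
        signals.append("out of character")
    return signals

def account_report(new_listings, profile):
    """Summarise an account: listings with two or more signs, plus burst flag."""
    suspicious = sum(1 for x in new_listings
                     if len(listing_signals(x, profile)) >= 2)
    # Assumed burst rule: five times the seller's usual daily volume.
    burst = len(new_listings) >= 5 * max(profile.usual_daily_listings, 1)
    return {"suspicious": suspicious, "burst": burst,
            "hijack_likely": suspicious > 0}

# Constructed sample data modelled on the example in the post.
BOOKSELLER = SellerProfile(median_price=25.0, usual_daily_listings=4)
SCAM = Listing("Apple MacBook Pro",
               "Email constructed.example@gmail.com to buy", 1000.0, 3300.0)
BOOK = Listing("Antiquarian atlas", "Pay through checkout.", 30.0, 35.0)
```
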

2 Comments »

  1. Thank you PheeBay for linking to us from

    http://pheebay.com/forums/viewtopic.php?t=4004

    Comment by admin — April 19, 2008 @ 8:43 am

  2. Eric…

    Hello. Very good article…

    Trackback by Eric — April 27, 2008 @ 7:45 am
