I was running on the treadmill yesterday afternoon when my iPhone started flashing dozens of new emails. I quickly ended my workout and went up to my office to see what was happening and to try and create a filter in Gmail to stop the spam. When I got to my desk, I had hundreds of new emails, all of which had large numeric subject lines from various spoof email addresses.
Frustrated with the sheer volume of spam I had received, I began to delete mass amount of it before heading to the Red Sox game. As I was deleting emails and hitting the “report spam” button within the Gmail control panel, I continued to receive a deluge of new spam emails. I worried that it wouldn’t stop by the time I left for the game, and my iPhone would be useless. Turns out, that was the least of my worries.
In the middle of deleting receiving the spam emails, I noticed an email from eBay with a subject of “eBay Change Email Notice.” I could tell it was from eBay and wasn’t another spam email. The email message said, “Thank you for submitting your change of email address request. Instructions on completing the change have been sent to your new email address. Once the process is completed, your eBay-related email will no longer be routed to this email address.”
At this point, it became apparent to me that the massive influx of spam was likely used to try and prevent me from seeing the email from eBay. Since I don’t use my eBay account all that much, I may not have noticed anything for a while. Luckily, I was clearing out and deleting the spam messages as they continued to pour into my account, so I noticed the eBay email.
Once I realized that it was likely my eBay account was stolen, I didn’t find it very easy to report a stolen eBay account. When I found the correct page in the support section, it asked me to sign in to my account. When I tried that, I found that my password had been changed and since the email on file had been changed, too, I couldn’t do a password reset. It wasn’t at all obvious what to do if my account access had been completely changed.
By this point, going to the Sox game became less of a priority, and I searched for the eBay customer service phone number, which is 1 (866) 540-3229. After a 9 minute wait, I spoke with a nice guy who seemed to understand the issue. He asked a whole bunch of questions, and I was told that he secured my account. I will supposedly receive something to reset and re-secure my account.
When I returned from the game, I still hadn’t received the email from eBay. To make matters worse, when I searched my user ID, I saw that someone changed that, and a password reset attempt showed that it was registered to someone else. I called eBay back and had a 64 minute wait on hold. I then spoke with someone for another 40+ minutes, and she verified my account, added my email back, and changed the account name. Unfortunately the security questions were no longer valid (asking about a credit card that I used back in 2006). I was locked out, but at least I sort of had control.
First thing this morning, I called eBay customer service again, and I spoke with someone almost immediately. He seemed to have more knowledge than other reps, and he was able to verify me. He then used my IP address to white list me and unlock my account so I could log in to it. Thankfully, this representative was very helpful and appears to have resolved the issue.
I wish the process of securing a stolen or hacked eBay account was easier, but I am glad this seems to be resolved. It seems easy for someone to change all information on the account, making it seem impossible to regain access without a long phone call. I still don’t know how my password was stolen, but I made it far more secure.
I don’t bid much on eBay, but I certainly don’t want someone to use the goodwill I’ve earned since 2005 to cheat anyone or do anything fraudulent.
Thanks Elliot for sharing. You might want to consider changing passwords of all your domain accounts with different registrars just to be on safe side. May be your computer have been compromised. Better scan and check everything to make sure all is good at your end.
It’s a wise suggestion. However, I think someone would go for other accounts rather than eBay if they compromised my system. I have well over 500 positive feedbacks (100% positive) but haven’t sold anything in a very long time, so someone probably found this high rated dormant account and it was a high value target.
That said, it’s always good to change passwords and keep things secure. Thanks.
You’re welcome. Always love reading your blog. One of my favorites 🙂
One piece of advice is that if you start receiving a ton of spam at once, it might be a smokescreen for some type of hacking attempt.
I just finished watching The Internship and this story reminds me why tech support is so important.
Yikes, Elliot! Good thing you’ve got a handle on it not. Perhaps misread the details but I’m confused as to how they were actually able to successfully change your eBaY password to begin with, despite the smokescreens etc.
Handle on it now*
Whatever; the ugly reality of eBay Inc.:
eBay’s crooked auctions marketplace … bit.ly/11F2eas
The clunky “PreyPal” … bit.ly/UVXx53
The ongoing joke of it all … bit.ly/YvxFEg
Quotes from the eBay executive suite … bit.ly/12xvzyA
Elliot, on the off chance you used the same info on Paypal.com, make sure that isn’t cleaned out and your bank account that was attached also.
Good suggestion. Both are completely different.
Just a suggestion here.
I have a domain name over at escrow.com waiting for buyers payment, it may not be a lot to some of you but its a nice sale for me $5000.
the buyer has not paid going on a week for my domain.
If domain names and websites are called internet real estate and property, the why after a certain dollar amount.. say a thousand or more, why are they not required to make a good faith down payment of ten percent, then if they don’t pay they loose the down payment, that may save everyone’s time and get rid of bogus buyers, this is my third one and its really becoming a joke.
Have you contacted the buyer via phone or email? Sometimes it can take some time for companies to get invoices/payments approved, so perhaps that’s it.
Hopefully the deal goes through for you.
I had a hack on my eBay which I noticed when I got an email saying payment was due for a TV I had not ordered. After sorting out this and two more TVs I changed my password on the account. When ordering something genuine today, I suddenly noticed that the delivery address had been changed. When changing passwords over a security scare – check all account details in case of such a change, otherwise when you buy something it will be sent to another address.
eBay are appalling in not providing this advice recently, saying nobody had had their accounts compromised..