Many eBay users are already aware of the rash of spoofing and phishing emails that have been circulating online for years. Spoof or phish emails are fraudulent messages that look like they're from eBay; they often use the eBay logo and look exactly like messages that eBay regularly sends. However, they come from online criminals instead.
These email messages usually get your attention by shocking you in some way, such as a warning of some sort from eBay for a rules violation of which you know you're not guilty. Sometimes they appear to be a complaint from a buyer or seller you've never heard of but who claims to have been treated poorly by you.
In each case, their goal is to get you to click and “log in” to a faked eBay website—because when you do “log in” to such a fake eBay website, you have supplied your eBay username and password to someone who can then use them to enter your account on the real eBay website. The criminal can then access your account, bid on eBay items, drain your PayPal account, and engage in other nefarious activities.
Signs You're in Trouble
Most of the time eBay members whose accounts are stolen by spoofers or phishers aren't aware of it at first. Instead, they encounter one or several odd or unexpected problems with their eBay account, leading them to discover that it has been compromised only when eBay informs that this is the case.
Any of the following signs show that your eBay account may have been stolen in a spoofing or phishing scheme:
Suddenly Locked Out of Your Account
You're suddenly “locked out” of your eBay account. If without warning you are suddenly unable to log in to eBay using your username and password, it's likely that someone else has obtained your username and password and has used them to log into your account and change the password, logging you out.
Selling Items You Never Listed
You appear to be selling items that you didn't list. If you log into your eBay account to find auction listings for items that you did not post for sale yourself, your account has almost certainly been stolen and someone else is fraudulently selling in your name to keep the money for these items without delivering any products—and leaving you holding the “guilt bag.”
Unexplained transactions appear in your PayPal account. If you find that money has either flowed into or out of your PayPal account in ways that you didn't authorize or don't recollect, someone has likely obtained your login information and is using it to log into your account and manipulate your financial reserves in one way or another.
Complaints From Third Parties
If you are contacted by angry third parties claiming either that they delivered you goods for which you haven't paid or for which your payment was canceled, or that they paid you for an item that they did not receive, once again someone has likely been using the name of your seller account on eBay in fraudulent trading of some kind.
Fixing the Situation
If any of the above happens to you, get in touch with eBay immediately, making it very clear that you believe your account a malicious third party has taken over your account. Explain that you suspect that you have been the victim of a spoof or phish email and await further instructions from eBay.
You should also immediately take the other following steps:
- Change your email password.
- Change the passwords for all online banking accounts.
- If you are able to log in to your eBay account and you see auction listings that you did not post yourself, cancel them all immediately.