The eBay “Just Sold” Scam

Dec 19, 2007 02:45 · 347 words · 2 minute read ebay just sold phishing security

Today, I nearly fell prey to a phishing scam. I am totally not the kind of person who falls for phishers, but this was a wild one.

I was selling my PowerBook G4 12″ on eBay and the auction ended today. As usual, the bidding intensified at the end, but a winner was declared at a price I was happy with. A short time later, I received an email from eBay saying that a payment has been made and giving me a link for the details. I clicked that link, not suspecting anything because I had, indeed, just sold an item. My browser’s location bar started out at cgi2.ebay.com, and went through a couple of forwards before landing on isapitems.pisem.su.

That page was done up with eBay’s logo and login page appearance, and I actually submitted my eBay username and password. Just after I did, something felt fishy about it and then it brought up a page styled like an eBay home page. When I saw that, I knew for sure it was a scam and immediately changed my eBay password.

I was really puzzled by this. eBay only lets you contact other members if you have an open transaction with that member. How could I have gotten such a targeted phishing scam? The answer came a couple hours later. eBay’s security people alerted me that the winner of my PowerBook’s account had been tampered with and bids had been made without his knowledge. That’s quite the scam. Take over one eBay account and then win auctions just to get the passwords for more accounts.

While I’m glad that I escaped from the phishing net, it was a drag having to re-list the item. eBay deleted the entire auction. Thankfully, Google’s cache still had it so I could just cut and paste the text back in to a new auction.

If you’re a seller on eBay, just be aware that even emails with links that route through eBay could lead to phishing sites.

p.s. If you’re interested in my PowerBook, the fresh auction runs through Christmas day.