I was hacked through eBay, and now have security advise
Some how somebody hacked my ebay and purchased an $800 pair of shoes. EBay caught it and notified me, but PayPal did not help one bit and didn't issue my money back... Luckily my credit card company stopped the money from going through. I did learn something though. Ebay was super helpful during a long phone call and told me about 2 step security... Its super easy to do. So if your like me and worry about this stuff now, the 2 step security forces you to recieve a text and type the code in each time you log in. This in turn really adds a large amount of security from hackers. I ended up doing this feature with eBay and PayPal. If you haven't done this I highly suggest to do it. You need to go into your settings/security to enable. Have a great day.
Forcefed4door Multi-factor authentication has been around for awhile but the smart phone text version is a bit newer and very nice imo. Can even use it on some email accounts like yahoo.
Toss in mandatory pw changes due to time., some added security questions for unknown devices, pop a followup alert email for unknown devices, and you have the social security online system....
Then put your browser in auto-dump-history mode and you’re an unknown device on every log in.
I love it all. My best is then using my wife’s cell as the target. It’s the new digital form of gaslighting. “Do you get crank calls with funny codes?” Why no, dear, I have never heard of such a thing, are you sure you’re not imagining it? Heh, heh.....
“Hey, my phone’s doin it again.” That’s just crazy Dear.....
StrangerDanger Interesting post as I had made a small purchase on eBay a few weeks ago and ever since, I’ve gotten a few emails from my back saying my online banking is suspended due to multiple attempts to sign in.
Blackcat Sometimes the "your account is suspended" is not from your bank at all but a phishing scam. Be careful to check the email headers of any email like that.
If they got your eBay because they got your email first, those 2 step procedures are not a big help. Regular password procedures plus personal certificates that verify both sides are much better for something like banks. But convenience drives the business so there's only so far they want to push us.
GC And then there were the 3 separate emails "confirming" purchases from the app store -
with the usual if you didn't make these purchases or need to cancel them, use this link......
Except that it was an attempt to get my information - Forwarded all to apple fraud dept....
A friend fell for one of these and it was a nightmare undoing it all.........be careful out there
4catmom Yes; my Amazon account was highjacked a few months ago. Luckily I received an email just confirming that I'd changed my account name and password, so I was able to quickly get on the phone with amazon and freeze the account before anything was purchased.
they wound up also highjacking my Instagram account and a couple of other accounts. I immediately contacted every one and recovered everything except my Instagram account. I couldn't get that back, but I at least was able to contact all my friends and tell them it no longer belonged to me and to report it as a fraud; they did and we got it deleted.
to make a long story short, I turned on the two-step notification for everything from email and social media to Amazon, eBay and beyond.
It's an extra step everytime I log in, but it's WORTH IT.
Thanks.
HackersShouldDie I have alerts set up with my bank for all credit card purchases above a certain dollar amount and for all gas purchases--- which gives me the ability to respond quickly if my account is hacked---the alerts come by email -instantly
Hmm I should add that 2 step feature to amazon as well. Thanks for that. Its totally nuts I just got am email this morning from eBay asking me to complete a checkout. It was for a moen tub faucet priced at $1,500 and the seller looks totally legit. This hacker was about to do some serious damage to me.
My brother had a ride on lawn mower for sale in his yard about 10 years ago with a sign on it.
Some people call a ride on mower a lawn tractor.
He got a knock on the door from a guy that said he was there to 'pick up the tractor'.
Then the confusion for both him and the guy at the door started when they went to the mower.
My brother apparently had a seldom used Ebay account, and someone had hacked it and listed a fake full size real farm tractor for sale which the guy at the door thought he had bought.
I wasn't there- but I'd imagine it went something out of a tv show or movie...
It took him a lot of time and hassle to get it all straightened out.
Josh I highly recommend using Authy with Yubi security keys where possible.
This site has a pretty good list of sites supporting 2FA. https://twofactorauth.org/
alpha1beta while multi-step authentication is sometimes helpful, don't let your guard down. it's been out long enough that thieves have learned how to route texts to your number to their phones (so you never receive them). keep vigilant!
ken eCommenting is no longer available.