It's Official: Ebay Has Gone Insane!

[dafoe]

At first I thought this was a phising scam. I went to log in at Ebay to pay for an item I had won about a week ago- forgot all about it. And I was met with a "security" page demanding a mountain of personal information before they would allow me to log in.

Here are some of the things they want:

Birth Date

Mother's Maiden Name

Credit Card Number (Along with the exp date cvv number

ATM Pin Number

Social Security Number (No, seriously, they have the gall to demand your ssn even though they have no legal right to do so. Try logging in without it.

Bank Routing Number

Bank Account Number

As far as I can tell the last two are not required. But has Ebay lost their freaking mind??! Paypal is pulling the same shit.

I am not one these people that is paranoid about giving out personal informatiom. If anything, I'm probably a little too apathetic about the prospect of identity theft. But this is asinine.

The good news is you don't have to enter real numbers. I entered random numbers and fake info in every field (except bank acct info which I left blank)and it went through with no problem. There was just no way I was giving one company all that info.

Has anybody else seen this yet?

[Tearren]

I haven't run into this, but I haven't bought anything in the last week (Last item I bought on eBay was purchased on June 21, 2007). Just tried logging on and didn't get the request for that information.

I know you said you thought it was a fishing scam, but that type of information does sound questionable, esp an ATM Pin number, did you get this request through email? Did you close the browser, open a new one and log directly on to eBay.com?

Tearren

[thecoalman]

It's official you've fallen for it, at least that's my bet. That has be a scam, they don't need all that info and don't see ebay asking for it under any circumstances. If they were requesting that much it's going to turn into a ghost town. Your browser must have bben hijacked or something.

How are you getting to e-bay? Shortcut, favorites? Try typing the address directly into your web browser.

[yoda313]

yep thats a scam alright - I just went to www.ebay.com clean from the address bar and just got the normal login. All I needed was my normal password and I was in just like that.

[lordsmurf]

If eBay ever tried that shit, I'd be writing a letter to my Attorney General, as well as the Federal Trade Commission.

[dafoe]

Thats the weird thing. When I first got that page, I closed the browser re-opened it and typed in the address again. Got the same thing. The other thing that was strange was that when I typed in the fake credit card info it didn't cause any problems.

I'm not stupid enough to fall for something like that. But I feel like an idiot for even considering that it was legit. I guess that tells you how low my opinion of Ebay and their arrogance is.

What I don't get is how I was redirected to that page. Twice. Now, everything is normal and I can't find the bogus page in my history. I changed my Ebay pass because I can't remember if I logged in at some point or not.

I am going to use Opera until I can reformat- just to be safe. But I am really curious as to how this happened. I don't have any favorites yet as this is a fairly fresh install- my old hard drive died about a month ago. And I didn't get there via links. I am about 80% certain that I checked to make sure the site was secure. I wish I had checked the code. At the time I didn't care because I had no intention of giving out my real info. But now I'm really curious about this one. Google doesn't seem to turn up anything on this.

My browser has been acting funny all day. It is reporting an error and needs to be closed. I've had my browser hijacked before and had the homepage changed but that was it. Are the there other types of browser hijacking that allow them to redirect rather than permanently change your homepage?

[thecoalman]

Just a wild guess but I'm guessing you have some malicious code on your machine, probably activated by logging onto e-bay which forced a redirect to the phishing page. Probably a one time deal too so you don't suspect anything. I'd suggest doing some house cleaning, because it may be doing other things as well such as logging passwords and other things. This is certainly something I wouldn't take lightly.

I am about 80% certain that I checked to make sure the site was secure.

A secure connection only means that the data being passed from your browser to the server is encrypted so if it's intercepted by a third party in transit it can't be read, it has nothing to do with whether the site is legitimate.

[dafoe]

Thanks for the info. I will keep that machine off the internet until I can reformat-not a big deal I have all the needed drivers and most software already on a DVD-R

Again, thanks for the help.

[liquid217]

I would also make sure your 'hosts' file is clean. It is very easy to redirect a domain to a phishing site if the right record is added to the hosts file. Yours is probably located in
c:\windows\system32\drivers\etc

and should (normally) contain one line
127.0.0.1 localhost

[TooLFooL]

yes dafoe, it is ABSOLUTELY 100% CERTAIN your computer is infected! other readers please take note and don't ever fall for ANY familiar, reputable website EVER asking for this type of information! this is 'phishing' at it's best!

[dafoe]

As you all can tell, I am not exactly a PC expert. But I build my own PCs and I know more about hardware and software than the averaqe person- which isn't saying much. But it's always good to learn something new.

My concern now, and I have no evidence to support this, is that there is a keylogger on my machine also. I'm going to change my credit cards and bank account numbers just to be safe.

My other concern is that there are two other machines in the house using the same
IP. What are the chances that they are infected? Is there a foolproof way to detect that sort of malware?

[waheed]

I can say for a 100% fact that its a scam only by reading one piece of information asked for:

ATM Pin Number

Nobody will ever ask you for your pin number for security purposes (or any other purpose for the matter), not even your own bank ! ! !

[lordsmurf]

Use WinPatrol, check your HOSTS, AVG, Spybot S&D, etc Start with each of these. Move on to more if they find nothing. It might even be a rootkit.

[dafoe]

Thanks for the tips. I will run that stuff on the two laptops. The PC that is infected is quite old. It's running Windows 2000 and I hadn't gotten around to installing antivirus or firewall on the new hard drive. I know, bad combo. I am just going to format that machine.

I know it sounds stupid, but I never really worried about that sort of stuff. I knew that it was possible for hackers to record keystrokes and log passwords and I still didn't worry about it. Again, I know it sounds stupid. I guess nobody thinks it will happen to them.

In a way this close call was a good thing. It was definitely a wakeup call. I will take internet security more seriously from now on.

Just checked the hosts file on the infected machine and the Vista laptop. Both are clean. I will run some of the software today or tomorrow. I used to use hijackthis for browser hijackers. I seem to remember it being a pretty good program. Is it any good for keylogger detection?

Anyway, thanks to everyone for the help. I will let you know what happens if anybody is curious.