Many eBay users are already aware of the rash of spoofing and phasing emails that has been circulating online for nearly half a decade now. Spoof or phish emails are email messages that appear to be from eBay—in fact, they often use the eBay logo and look exactly like messages that eBay regularly sends—but that are in fact from online criminals instead.
These email messages usually get your attention by shocking you in some way. Often they they appear to be a warning of some sort from eBay for a rules violation of which you know you're not guilty. Sometimes they appear to be a complaint from a buyer or seller you've never heard of, but who claims to have been done wrong by you. In all cases, the goal is to get you to click and “log in” to a faked eBay website—because when you do “log in” to such a fake eBay website, you have supplied your eBay username and password to someone who can then use them to enter your account on the real eBay website—and commit crimes in your name, drain your PayPal account, and/or do other nefarious things.
Signs You're In Trouble
Most of the time eBay members whose accounts are stolen in this way by spoofers or phishers aren't even aware of it at first.
Instead, they encounter one or several odd or unexpected problems with their eBay account, finding out that it has been compromised only when eBay tells them that this is the case.
All of the following are signs that your eBay account may have been stolen in a spoofing or phishing attack:
• You're suddenly “locked out” of your eBay account. If without warning you are suddenly unable to log in to eBay using your username and password, it's likely that someone else has obtained your username and password and has used them to log into your account and change the password, logging you out.
• You appear to be selling items that you didn't list. If you log into your eBay account on any given afternoon to find running or completed auction listings for items that you did not post for sale yourself, it is almost certain that your account has been stolen and that someone else is fraudulently selling in your name, keeping the money for these without delivering any products—and leaving you holding the “guilt bag.”
• Unexplained transactions appear in your PayPal account. If you find that money has either flowed into or out from your PayPal account in ways that you didn't authorize and/or don't recollect, it's likely that someone has obtained your login information and is using it to log into your account and manipulate your financial reserves in one way or another.
• You receive telephone or email contact from angry third parties. If you are contacted by angry third parties claiming either that they delivered you goods for which you haven't paid or for which your payment was canceled, or that they paid you for an item that they did not receive, it is likely once again that someone has been using the name of your seller account on eBay in fraudulent trading of some kind.
Fixing the Situation
If any of the above scenarios matches your current situation, you should get in touch with eBay immediately, making very clear that you believe your account to have been taken over by a malicious third party. Contact eBay directly using this link that directly references the possibility of an account takeover. Explain that you suspect that you have been the victim of a spoof or phish email and await further instructions from eBay.
You should also immediately take the other following steps:
1. Change your email password.
2. Change the passwords for all online banking accounts.
3. If you are able to log in to your eBay account and you see auction listings that you did not post yourself, cancel them all immediately.