An eBay member wrote to the blog informing us that he received an unsolicited email message from a known hijacker directly to his registered email address. Here are the facts:
1. The eBay member is currently bidding on an item; however, he is an underbidder.
2. The email message was unsolicited, informing the member that the hijacker was aware that the member was bidding on a particular item on eBay that the hijacker has available. The email message did not come through eBay, there was no HTML in the message, and it was not an eBay member-to-member message.
3. This email message was not a fake Second Chance Offer in the form that we normally see.
4. The eBay member does not have his email address exposed in any past or present listings; therefore, it could not be harvested that way.
5. The eBay member has not received any email messages from eBay with contact information from another member. Member email addresses are not provided by eBay when a member requests contact information.
6. The eBay member's user ID does resemble his email address.
After some investigation, and after being able to see the results of one of the Romanian thief's email extractor programs, this is the best we can determine: if a member made a bid on an item that had not reached $200.00, the user ID was exposed and not protected by eBay's SMI Program. If the member's user ID is at all similar to his email address, then he is ripe for receiving fake Second Chance Offers in either email or HTML format. We do not believe the thieves have access to eBay's member database; we believe they are using a matching program to harvest email addresses. Based on our current research, we believe that members whose user IDs do not resemble their email addresses do not receive fake Second Chance Offers.
Therefore, to avoid receiving fake Second Chance Offers in any format, we suggest that if your eBay user ID at all resembles your email address, you change your eBay registered email address to something else. There is no need to have a user ID such as "apple" and an email address of "firstname.lastname@example.org".
Second, we suggest that you do two other things. Go to My eBay and change two of your preferences. We suggest that you only receive email from eBay in "text only" format and that you decline all "Second Chance Offers". By making these changes, going forward, if you receive any email from eBay in HTML format, you will immediately know that it did not come from eBay, and if you continue to receive "Second Chance Offers", you will also know that they did not come from eBay.
Third, always verify that any email message you receive at your registered email address that looks like it comes from eBay is in your My eBay My Messages inbox. If a duplicate copy of the email is not in your My eBay My Messages inbox, then the one you received addressed to your registered email address is bogus.
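
The rule from the second suggestion can be applied mechanically to saved mail. The following is an added example, not part of the original post and not an eBay tool: it assumes both preferences have been changed as described, and the function name, reason labels and sample messages are constructed for illustration.

```python
# Added example. Assumes the account is set to "text only" mail and has
# declined Second Chance Offers, as the post recommends.
import re
from email import message_from_string, policy

SCO = re.compile(r"second\s+chance\s+offer", re.IGNORECASE)

def bogus_reasons(raw_message):
    """Return why a message claiming to come from eBay cannot be genuine."""
    msg = message_from_string(raw_message, policy=policy.default)
    reasons = []
    # Text-only preference: any HTML part means eBay did not send it.
    if any(p.get_content_type() == "text/html" for p in msg.walk()):
        reasons.append("html-part")
    # Offers declined: search the subject and every text part for one.
    text = str(msg.get("Subject", ""))
    for p in msg.walk():
        if p.get_content_maintype() == "text":
            text += "\n" + p.get_content()
    if SCO.search(text):
        reasons.append("second-chance-offer")
    return reasons

# Constructed sample messages (not real mail).
HTML_SCO = ("From: eBay <offers@example.invalid>\n"
            "Subject: Second Chance Offer\n"
            "Content-Type: text/html\n\n"
            "<p>Buy the item you bid on now.</p>\n")
PLAIN_SCO = ("From: eBay <offers@example.invalid>\n"
             "Subject: Your second chance offer\n\n"
             "The seller is offering you the item.\n")
PLAIN_DIRECT = ("From: seller@example.invalid\n"
                "Subject: The item you bid on\n\n"
                "I have the same item available.\n")

if __name__ == "__main__":
    for name in ("HTML_SCO", "PLAIN_SCO", "PLAIN_DIRECT"):
        print(name, bogus_reasons(globals()[name]))
```

A plain-text message with no offer wording, like the one described at the top of this post, returns no reasons, so an empty result does not prove a message is genuine; the My Messages comparison in the third suggestion still applies.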