So this past month I've been getting texts from Paypal telling me there was access to my account from Campbell CA (I'm in NY), so I changed my passwords just to be safe. My second text alert was yesterday, so again I changed my password, checked to make sure nothing was amiss, and went about my day.

This morning I wake up to two e-mails telling me I had bought a Legends Weirdwolf, and KO Perfect Effect hand/gun set, which of course I didn't do. I get ahold of Paypal, and they say it was again from Campbell CA, and that someone there must've gotten in my account there and made those purchases (for whatever reason),but I find it funny that it was of two items I've been watching.

I get off the phone with them and go to change my Ebay password, and after that I go and check my cart because I saw items in it, which turned out to be very expensive electronic devices that I neither know about, nor would ever care about, which would have cost me almost $10,000 had this person hit buy me now.

Needless to say, I'm quite irritated, and am honestly thinking about canceling both my Ebay AND Paypal account.

So how would this person have gotten access, and why purchase stuff if it would just get sent to me anyway?

For kicks?!?

 

It may be an inside job.

Years ago, someone hacked my eBay account, changed my password, email address and locked me out. I kept getting odd notices that I listed items, so I logged in and saw that they listed a bunch of PS3's (when they were recently released) hoping to use my 100% feedback rating as bait for unsuspecting bidders. I immediately contacted eBay and had them temporarily shut down the account. Initially, they acted like they didn't even believe me, which really annoyed me.

After everything was all sorted out, I wanted to pursue action and press charges, but they claimed that the culprit was in Finland and they were not able to locate them, which is BS. They didn't even try! They told me that I would have to contact their local authorities to launch an investigation. I was so ticked that I stopped using my eBay account for YEARS.

Their willingness to do absolutely nothing with a supposed valued member led me to believe that it could have been an inside job. Not sure if that's how they handle all of their members that have gotten their accounts hacked, but it's a horrible practice and a deterrent from using their website.

 

@OP - the 2 smaller purchases were more then likely to see if they could use the account to purchase the larger items.

@Sylent - in the eyes of eBay it's not worth the time and resources it would take to persue the culprit, especially once it crosses into an international thing.

Someone made a dummy card (still don't understand how they do that) of my wife's debit card and used it to purchase a couple hundred dollars worth of stuff. I was so pissed that I told the bank I wanted to press charges against whoever it was. They told me that most likely law enforcement wouldn't be able to devote the resources to finding the person or persons, even though all the purchases were made in the same county. They said I was welcome to try though.

Apparently this is so common that it's just one big rabbit hole.

 

I figured they were trying to see if they could get away with smaller purchases, I just don't understand how they thought they were going to actually get the items with my address on the Paypal account.

Actually, the lady at Paypal said it was probably through the easy pay link through checkout. So could they have changed the address through there?

 

If it was a $20 item or two, I'd understand the reluctance to step in, but in my case, this douchnozzle listed like 20 PS3's, (going for around $500 at the time) which would have netted them well over $9,000. That's attempted grand larceny. If not an inside job, this type of thing must occur so frequently that eBay just doesn't care anymore and turns a blind eye... and even if they didn't really care, they should at least act like it.

 

Usually it's through social engineering or weak passwords. E.g. either they were able to guess both of your passwords, or they called EBay's support line and were able to successfully convince someone that they're you. Although in the latter case, you'd have found that your password was already changed.

 

Wow, from the sounds of it, if this DOES happen again I'll definitely be canceling my account.  

 

I wonder if they were just funneling money into whoever was selling the larger items. Maybe they have no intention of shipping anything?

True. I agree with you it's BS but I'm not sure how much could be done.

You are right though, you think they could at least try.

 

I had this happen once with my ebay account. Some guy used it for a bunch of bogus power tool set listings. I caught it pretty early but he already fooled someone. I got in contact with them right away and I think they were able to reverse the charge.

Op, scan your devices for spyware or keyloggers, and check your email for phishing attempts you may have fallen for by mistake. If you weren't...unfortunate enough to use the same password for both of those accounts, they had to have gotten your logins from you in some way.

 

That could be.

I've already scanned my computer with no results, and I definitely haven't fallen for any scams, which I have been receiving a lot of lately. Also, both passwords were completely different.

 

I closed my Ebay and Paypal accounts last year. And for that reason.

I wasn't really using either of them anymore and I no longer had faith in them to be secure.