I recently bid on a high value lens on eBay. The auction ended with me as the second highest bidder. Two days later, I got a "Second Chance" offer from someone else. The original seller is a local brick and mortar store, and know that they don't offer "Second Chance" sales; they just re-list if the original high bidder backs out.
My question is: how did the "second chance" scammer get my email address and registered name? My eBay email address and registered name are only used on eBay. Given that eBay anonymized bidders identity (eg: a***x), how did the scammer do it?
eBay was no help. I reported it, but they hid behind "privacy" and "policy" double speak.
The "second chance" offer looked very convincing. If I was more eager, and if I didn't know the original seller, I might have, at least, replied to the offer.
How did the scammer get my eBay email and registered name?
I think it's possible that it is legit. If the seller has the Selling Manager Pro feature through eBay, second chance offers are one of the automation settings available and they may have inadvertently set it or simply forgot as it shouldn't come into play very often.
If you go to your My eBay page, in the menu on the left click Bids / Offers and if it is from eBay it will show up there.
Second Chance offer did not come from the original seller. The offer was also NOT on my My eBay page. I forwarded the email "offer" to eBay, and they quickly determined that it was a scam.
However, eBay won't tell me how (or acknowledge) that the spammer somehow got my eBay email and registered name.
Happens all the time. It happened to me too and I wondered at the time how they did this. Then again, I wonder how they can hijack numerous ebay and Paypal accounts. You can buy them very cheaply on the 'darknet'.
I got this twice from the same guy "jrengineer" or something from two different items with two different user ID's. I have tried following the lead but I just got a UK bank account info.
Funny thing is that I placed the first minimum bid on one item with one user ID and actually won the item with a different user ID. I got a 2nd chance offer from JRengineer on the userID that did not win. He don't know I am the same person. lol.
Second time is just a straight 2nd chance offer for a bid I did not win on.
Yes. It does bother me of course. That's why I followed the lead. Not only he/she has your email address, somehow that person found my home address. Not even my shipping address. Kinda of scary... being extra careful right now.
Stack overflow is probably nothing to worry about probably a infinite loop that caused memory overflow or something. Could also be a buffer over flow attack to see if eBay programmers has placed enough exception processing to handle the buffer overflow without giving extra permission... but I don't think that is possible, only the seller can add rouge stuff in his listing, not others.
The pop up that you see is just permission issue. Someone at eBay did not set the NTFS permission to permit read or write to the directory or file it is referring to causing it to ask for user ID and password. It happens with me all the time if I do not set my IIS permissions correctly on my servers that I maintain.
tt_mt6 wrote:
Not only he/she has your email address, somehow that person found my home address. Not even my shipping address. Kinda of scary... being extra careful right now.
Now you are scaring me.
I accept that when I buy and sell on eBay, the counter-party gets some info on me. But total strangers should not.
I'm not a security-ologist, but this is apparently somewhat common now and needs eBay's help to resolve.
Because the scammers have the bid history then they must have some access to eBay (email & home addresses can be linked together in other ways). Perhaps they compromised the seller's account & covered their tracks? Perhaps they legitimately sell items on eBay to harvest account information & scam people in their spare time? Just because a seller claims that his account is secure, if you don't know the seller personally, how do you really know he's not the scammer? Or perhaps eBay has a security violation that they have not resolved.
What worries me the most is that there is either a systematic fraud that eBay should be able to detect based on aggregate customer complaints/scam reports to link it back to fraudster accounts, or a security issue they need to resolve. Either way, eBay's responses do not sound overly promising that they are doing anything to resolve the issue. They take the Smokey the Bear approach, remember kids, only YOU can prevent scammers.
