Need help with EBay scam

AnteCantelope

My mum just got an email from EBay saying that she won a handbag. She didn't think that she had an account, so she followed the link, put in her email and a password that she uses a lot, and it logged her in and showed her a handbag. Now she realises that any password or email address will log her in.

Does this mean that Hax0rz now have that password? Should we all be scared?

I'll get a copy of this email at some point soon, to show you and get your opinion.

TL;DR: Possible EBay scam, they may know my mum's common password, what should we do (other than the obvious change of password).

BuhamutZeo

what should we do (other than the obvious change of password).

Ok. Good, yes...password useless, scam defeated. You know what to do, why are you asking us? :P

Change every instance she uses that password and it becomes useless, doesn't it? No more danger.

Forward the email to Ebay customer service and hope some justice comes of it.

*Edit*

Hackers work fast. Work faster.

GET CRACKING ON CHANGING THEM PASSWORDS!

Pheezer

Yeah, just go and change every password she's got, actually. For all you know her e-mail's already been accessed and they have her existing account information everywhere that's ever sent her a verification e-mail. In all likelihood the damage is far less extensive, but you have to assume worst case scenario and be thorough. And make sure the new passwords are very different than the current.

And tell her to never, ever click a link from an e-mail message that she didn't expect.

AnteCantelope

Thanks. I knew about the need to change that password, but I didn't know how far the damage would go.

As far as clicking on a link she didn't expect... She's got a government email address, I guess she just didn't expect any problems like this from what should be a very safe address.

Brainleech

Also try to talk to Ebay about the email that she got as well because this might help other people from falling to the scam email

falsedef

She uses a gov email for her ebay account? If the ebay account has no activity, then changing the password on that plus her email account password should be fine.

Tell her to get a gmail account for website accounts and only give it out to trusted people and websites, and to always look at link URLs.

AnteCantelope

No, she doesn't have an ebay account at all. I'm guessing that she thought it was something I had done, because I know her email, and use ebay a fair amount.

falsedef

AnteCantelope wrote: »

No, she doesn't have an ebay account at all. I'm guessing that she thought it was something I had done, because I know her email, and use ebay a fair amount.

Most likely the phishers aren't going to do anything. Once they see that her account doesn't exist, they'll just move onto the next account. What they're looking for are respected accounts that they can scam other ebay users with. It's still a good idea for her to get rid of her current email password, though, since that's likely their only trail.

Ruckus

falsedef wrote: »

AnteCantelope wrote: »

No, she doesn't have an ebay account at all. I'm guessing that she thought it was something I had done, because I know her email, and use ebay a fair amount.

Most likely the phishers aren't going to do anything. Once they see that her account doesn't exist, they'll just move onto the next account. What they're looking for are respected accounts that they can scam other ebay users with. It's still a good idea for her to get rid of her current email password, though, since that's likely their only trail.

Of course, they may notice that she's got a government email address, and redouble their attempts to gain access to it.