Well, I never thought this would happen to me. Not in a million years. And I’m not talking about a risque encounter at a car wash–I’m referring to getting phished. How could I be so dumb?
It all started a few weeks ago when I tried selling some old home theater equipment on eBay. The first time I put the item up for sale, it sold almost immediately at my Buy It Now price. Unfortuantely, the buyer wanted me to mail it to Nigeria. I wasn’t aware of Nigerian scammers in eBay, but this one clearly fit the bill. I contacted eBay and got my fees refunded, then reposted the auction.
Now the real fun started. I quickly recieved a large number of questions about the unit, and one of them said something like this:
I am interested in your projector, but it how is it different than the one being sold in this other auction?
The link went to what appeared to be another eBay auction. But of course, it wasn’t on eBay, was it? It was a phishing site set up to harvest my eBay username and password. I dutifully logged in as requested, but the link was apparently busted.
Now, I should have realized right then and there that I’d been had, and I should have chnaged my password instantly. And all would have been well. But I didn’t. Maybe I had the flu, or didn’t get enough sleep the night before. Either way, I didn’t think anything of it until the next day, when I found that my auction, only hours from closing, had self destructed. A dozen bidders had all cancelled their bids within minutes of each other, and now I had no bids at all.
Still not sure what had happened, I let the auction run out, and the item did indeed sell, but for about half of what I was going to sell it for based on the previous bids. Frustrating.
The next day, I was locked out eBay–my password didn’t work. Finally, the epiphany struck, and I realized what had happened. I followed all the proper procedures and got my password reset. After I was readmitted to eBay, I chnaged my password to PayPal, just in case, as well as most of my other online banking and finance services.
It turned out that the sale was legitimate and the buyer was a regular, honest guy. He paid me and I got ready to mail the item to him.
Then eBay roused itself from a three-day slumber and decided the entire auction was invalid. It went ahead and cancelled the auction, and notified the poor buyer that he’d been scammed and that he shouldn’t do buiness with me. Argh!
It took a few emails to the buyer to reassure him I was real and that I’d just, in fact, mailed him the item. It took days to straighten out the details, and even now eBay has suspended my automatic payment service, so I have had to manually pay my fees. And something that the phishers did managed to earn me negative feedback from a buyer.
Oh, and did I mention that my e-mail program actually flagged the orignal phishing message as spam?