fb-pixel
HELP DESK

What to do when a thief hacks your eBay account

It was time-consuming and frustrating trying to regain control of my account and finances. I’m just glad I was paying attention. Here’s what I learned.

The hacker and I were fighting a virtual battle to gain control over my eBay account.
The hacker and I were fighting a virtual battle to gain control over my eBay account.Chris Ratcliffe/Bloomberg News

Australia ranks high on my bucket list of places to visit, but not for any reason you’d expect.

I want to go there to track down a computer hacker who spent hundreds of dollars of my hard-earned money.

Let me back up a bit and explain.

My current obsession with the Land Down Under began on a warm day in August, when I received an unexpected e-mail from eBay. It was a receipt for an expensive Weber grill.

Initially I assumed this was some kind of phishing scam, so I was careful not to click on anything in the e-mail. I opened a new browser window to log into my eBay account. My eyes widened at what I saw. That e-mail was legit. My eBay account had been hacked.

Advertisement



Lo and behold, in my list of recently ordered items, was the same Weber grill. It was a nice looking grill, too, jet black and shiny. It had a push button ignition, stainless steel burners, and removable folding side tables. It was even mounted on wheels! I had paid $799 in Australian currency (about $565 in US dollars) for this fabulous grill, and the money came straight from my bank account.

It was getting shipped to someone named Alex Stoker, at an address in Australia.

I typed in the address into Google Maps. Within moments I was looking at a street-level view of a four-bedroom house on a tree-lined street in Labrador, a beachside suburb on Australia’s Gold Coast.

It was a nice place to host a barbecue, I suppose. I pictured my Australian nemesis slipping some extra shrimp on the barbie for his mates, throwing his head back, and laughing under the sunshine in a green backyard next to the grill that he bought with my money. I was seething. I wasn’t invited to the barbecue, I was just invited to pay.

Advertisement



I wished that Alex Stoker lived closer to Massachusetts. I kept imagining myself showing up at the door and greeting him — or maybe Alex is a her? — face to face. “Ready for the barbecue, mate,” I’d say. Or maybe I’d keep it simple: “I’m here to pick up my grill.”

Those were the thoughts racing through my mind when I sat on the phone talking with a representative from eBay.

At that point the hacker and I were fighting a virtual battle to gain control over my eBay account. After I had removed the Australian shipping address, the hacker had added it back. So I changed it again. Then I scrambled to reset my passwords and secret questions.

The audacious Aussie who hijacked my account was now shopping for even more expensive things. (I could see in my list of recently viewed items that Alex had been browsing $900 Samsung phones.)

Getting my account secured took longer than I thought. I was on the phone with eBay for more than 45 minutes, but the customer representatives I dealt with were very patient and made sure I regained control of my account. I called my bank and notified them about the fraudulent charge. They told me to cut up my debit card and they’d send me a new one with a new account number.

After notifying eBay and my bank, I filed police reports with the FBI’s Internet Crime Complaint Center and with authorities in Australia.

Advertisement



I also vented about the ordeal on Facebook. I received lots of helpful comments (and plenty of empathy) from friends and acquaintances. I learned that quite of a few friends had gone through similar experiences, and some of them were much worse than mine.

I told my editors I would gladly fly to Australia to do some on-the-ground reporting and attempt to grill my rival from Down Under for some answers, but they didn’t bite, in part because of travel restrictions in place because of coronavirus.

But I can share with you, dear readers, what I learned from this experience, and provide you with three key takeaways.

Keep a VERY close eye on all of your accounts. I’ve had the same eBay account for more than a decade, and never had any problems until this. Somewhere along the way I linked one of my debit cards to the account, and forgot to take it off. Don’t let this happen to you. Do a regular checkup of your online accounts. Make sure your contact information and payment methods are correct and up to date.

Add extra layers of security. Enable two-step verification. Update your secret questions. Change your passwords regularly (eBay suggests every 30 to 60 days), and don’t make them easy to guess. Better yet: Use a password manager, which is a type of software that helps you store, generate, and manage your personal passwords, usually keeping them safe in an encrypted database.

Advertisement



Here’s something else eBay told me. The security folks at eBay said the hacker may have stolen my eBay credentials by gaining access to one of my e-mail accounts. They told me to change my e-mail passwords. They also suggested that I clear the cache of my Internet browsers — something I had not done in a long time.

I’m just thankful that I read that e-mail from eBay and realized that my account had been compromised. I caught it right away. If I hadn’t, the hacker would have drained my bank account.


Emily Sweeney can be reached at emily.sweeney@globe.com. Follow her on Twitter @emilysweeney.