Aloha people,
I got nearly scammed on eBay trying to sell my stuff. The situation and my mindset could not have been better for the scammers. I was in a rush and was doing three things at the same time: eBay, eating, and viewing an episode of Monk with my girlfriend. I know what you will ask, and no, there are no new episodes out. We are watching through the complete series. Monk was doing his best trying to act like a contract killer when I was contacted by a person on eBay who wanted to pay for the car battery I had created an ad for. The person, let's call her Alice, offered to pay for the item and asked for my PayPal address and whether I would also be fine with sending the battery to her. I would rather not do that but well, I want to get rid of this battery so let's figure out what it will cost me. I don't know why the scammers went through this loop, maybe for credibility or to get enough time to create the fake email for me? After a few minutes, I got the following message from Alice or, as I presumed, the eBay system:
"The user "Alice" has payed with Ebay secure direct payment and you should get an email with more details soon with the Email Subject "Sehr geehrter Benutzer, Ihr Vorgang wird gerade bearbeitet#226125542"" (written from memory)
I have to confess I am a newbie on eBay and at this moment I made my first error. 😨 I considered this method of payment to be legit. I had already configured this “secure” payment with a bank in the Netherlands, so this should have made me suspicious. Annoyed as I was, I wanted to get the transaction over with. The email I got legitimately fooled me. My brain, which should be trained to instantly see a phishing attempt, failed. Classic stuff, I tell ya.
Now that I look at this email again, I can't understand why my alarm system didn't laugh this attempt in the face. The email looks so sketchy with its minimalistic design, wrong spelling of my name, but the spelling checked out, so it must be real, right? Right? Let's continue with the next step of the scam: the error of push notifications. Keep in mind my perspective of eBay being so bad with IT that I was happy working with the scammer, believing I was talking to an inept support technician. Yes, I was super arrogant here. Therefore, I also entered all my credentials and information into the next website:
This website is as flat-out fake as it could be and just wants to look credible; even the URL seemed fine. The next website is the juicy one.
I gave them everything. 🙄 Nevertheless, I instantly blocked my card after I realized I got phished. Now comes the important part of the scam. I entered my information and clicked on the send button. I received a 3D Secure event on my phone in the banking app. Legitimate websites do this too when they want to identify people, so I thought nothing of it. I had done this in the past and the website suggested I was getting verified for the payment, which, as I stated, I had already done. I was too focused on Monk and my food to pay attention. Now I got the push notification for 0.00 Euros. I accepted the transaction with my PIN. I made my next error, can you guess it? The bank I got the notification from was not from Germany, and nothing pointed to eBay. Again, I did not pay any attention to this fact. The website continued to do nothing. Then suddenly a small support page opened. Arrogant as I was, I suspected eBay had made an error with 3D Secure. I had similar experiences in the past, so that was not new to me. The scammer on the other side connected to this support chat and told me they would try to restart the process for me. How nice of them. 😉 Here is the chat for you. I acted like a true pompous asshole, telling the scammer to scam me as fast as possible.
The push notifications came and the scammer tried to fool me into sending even more and more of them. It seemed like the system from eBay had a malfunction. The "what the actual fuck" moment came when I started to look into the transaction I was signing there. I saw I was signing a transaction to give 500 USD away to some bogus destination and panicked. After declining, I still thought of the scammer as the eBay support person and wrote them. I am not sure what the moment is called in the security circle. The coin just dropped. I went back to the place where some would see a scam from a mile away: the sender email address. BAM! 😭 It was a rubbish email, probably hacked anyway. The scammer tried to assure me in the meantime that they were still from eBay. The jig was up, I was aware that this was a scam. The fucker nearly got me. I ran to my bank website and saw that I had been lucky: no money had been transferred from my credit card yet.
Some learnings for you out there:
- This can happen to all of us
- Concentrate truly on payment transactions
- Don't assume a transaction method is legit
- Check the sender email address and URL
- Talk to someone who has more knowledge about the place you are trying to sell stuff (I should have asked my girlfriend. She is a pro at eBay.)
- Try to break the website should it seem untrustworthy. Fake websites allow everything.
- Learn about scams
- Call both hotline numbers on your credit card
I got not lucky, but you may not be so lucky. Look out for phishing emails. Thanks for attending my TED talk. 😉
Edited:
Small sad update on this matter. Although I was told nothing had been transferred by the emergency support hotline person, in fact there was money deducted some days later. I called the bank's app hotline too after seeing the records of my new credit card and they told me the money would be recovered. That in fact was a matter to be determined. In the end I forfeited the money by accepting the 3D Secure push notification. I might have been able to recover the money by calling this bank app hotline immediately, but who knows, maybe not. The money is gone.
"Experience is a hard teacher because she gives the test first, the lesson afterwards." - Vernon Law
Please share your experiences with scammers in the comments.