I do a lot of my shopping online.

I really hate waiting in lines, or driving out in our 105-degree California heat. I also hated searching up and down for items that are apparently in stock – only to find out they weren’t. It was a convenience that I grew very well accustomed to, and I encourage everyone to try it!

But, a few months back I received an alarming e-mail from eBay, saying that there was an….

“Unauthorized use of your account -- action required

Hello xxxx,

We have reason to believe that your eBay account has been used fraudulently without your permission. We’ve reset your eBay password. Any unauthorized activity, such as buying or selling, has been canceled and any associated fees have been credited to your account. Any listings that we removed are included toward the end of this email. We assure you that your financial information is securely stored on a server and cannot be seen by anyone.

Although we’ve taken steps to secure your eBay account, your personal email account or third-party listing tools may have also been accessed without your permission. Please change these passwords as soon as possible.

Once you’ve secured your personal email account and third-party listing tools, please change your eBay password:

1. Select the Sign in link at the top of the eBay home page.
2. Select the Forgot your password link.
3. Enter your email or username, and then select the Next button.
4. Follow the instructions to change your password.

"

I wanted to be sure the e-mail was legitimate, so I checked the full details of the email

It’s definitely from eBay. I followed through their instructions, and changed passwords for all my accounts (e-mail, PayPal, even banking). Everything was going well as expected. I made a few purchases just fine and didn’t think much of it.

Until a week later, I get another message …

It’s happened again!?!?

No, I’m never using a public computer if that’s what you’re thinking, and I run a tight ship at home in terms to my network and computers. I change my password again to something extremely complicated. I even contacted eBay to see if there’s a data breach going on or something. Nothing.

The attackers didn’t make any purchases or anything!  I double checked my account info to make sure, it’s secure and I was back to normal.

It seemed like everything was okay again. To be safe I’ve wipe all of my computers and did a factory restore on my phone.

A few days later my phone buzzes….

A notification appears saying package was delivered…

But, I didn’t get any mail.

I check the tracking details online, and to my horror – it wasn’t my address.

How did that happen?

It turns out that the second time the account was compromised, they weren’t after my credit card information, or making fraudulent purchases – they were taking a gamble that I wouldn’t notice the default address being changed. If they receive the item, the unfortunate victim would be the eBay seller! The buyer has protection they may fall back on through eBay and PayPal, but the seller would lose the item. I explained my situation to the seller of course; they were generous enough to refund my purchase. The most I’ve really lost was time – thankfully the item wasn’t something critical like toilet paper or anything like that, but still…

It could have been a lot worse.

I’ve learned my lesson, hopefully you would be more careful after reading this too

Here are my tips to protect yourself.

• Never use the same password for all of your accounts. Especially your e-mail.
• Don’t use generic passwords like “password”, “1234”, “qwerty”
• If you receive a message about your account being compromised, check your personal information like address.
• If you do suspect your default address has changed on eBay, you should change your password immediately, notify eBay and the seller, and change your address back by going to My eBay > Account > Addresses. Make sure all your information is correct.
• Do not use public computers or open connections when shopping online.
  
• When dealing with customer service reps, be courteous.They’re not the ones who stole from you.

And of course…

• Check the address on all online purchases, be careful with Buy-with-one-click options.