Jump to content


  • Tweets

  • Posts

    • Good morning,   I just left bigmotor and return the vehicle. Staff from bigmotor wasn’t helpful they start from the beginning I need to have appointment. They mentioned there is no one today from after sell who can assist me today aswell. After few min  manager come to talk with me and collect all documents. All conversation has been recorded with full names for both people who was dealing with me in the store.   Thank you     
    • London1971 - he's sick. He & his partner would like to dispose of or utilise via a rental his uk assets and/or to have access to his own £s (including his pension) - to make his end of days more pleasant.  It seems that is now only going to be possible for his partner via probate if Barc won't unblock his account.   HB - sorry I didn't mean to appear rude. I just meant this post will probs end up having to be morphed over to barc threads ! I do appreciate your input
    • I am quite happy to give a breakdown of what happened yesterday in court, and most certainly if it helps anyone. As you can imagine it was quite nerve wracking, despite knowing I had done no wrong there is always a nervousness that things can go against you. As such, I will confess to not remembering legal terms used etc but will try my best. On arrival at court I was, once again, asked by the claimants representative if I wanted a chat in a consultation room. DWF / Adidas do not send their own solicitor , they use a local company of representatives who all seem well known to court staff and judges. This was the 3rd time I had been to the court and on each occasion it was a different representative. I believe the advice on here is to not get involved in these little chats but I felt comfortable with them. First two occasions they did try to talk me into coming to an agreement but this time he just ran through what would happen in court. Not relevant to anybody else's case but this guy was more interested in my Thai Tattoos as he was a Muay Thai fighter and planning a trip to Thailand to fight out there !! When the time came we were ushered into court and took our seats in front of a judge who was already seated. I have to say it was surprisingly relaxed despite my being nervous. The judge called the representative by name and advised that the rep knew him well, knew he had a "straight to the point" attitude towards civil cases and didn't accept pointless waffle. He then outlined the case and spoke to me advising that he was aware I had no legal background and if any of the legal terms he was required to use were not self explanatory to me just to ask a question. Adidas WS had been written by a Senior Manager of Risk Prevention based in Amsterdam and the judge asked if he was attending. He seemed a bit taken aback when advised he would not be. He questioned how it was deemed as "fair" that I could be cross examined but the Adidas employee could not. The adidas rep said that he had a list of questions he had been instructed to ask of me, but that he felt my replies would all be denial so agreed not to cross examine.  The judge, during his summary, came to the part where adidas said I had contacted them asking where my refund was, and they had paid me due to "customer appeasement". His exact words were "the defendant would have to have some brass neck to actually phone chasing a refund for items he knew he had not returned". He also commented that Adidas had claimed that the return went to an altered postcode but did not include an example of what their return label would have looked like at the time, which seemed and obvious bit of evidence to him.  He then handed over to the claimant to put forward their claim. The claim really consisted of their rep reading through their WS and highlighting things which "proved" my guilt. They had discovered on internet forums that people were altering the postcode and sending out empty envelopes in the place of the goods. This was known as FTID (False Tracking ID) and Instant Refund. Apparently I was refunded within 18 minutes of my parcel being scanned at the Post Office. He also suggested that the altered postcode was pretty damning. This took maybe 15 minutes for the full reading. The judge asked if I had any questions and advised that I didn't need to prove my innocence they had to prove my guilt.  I did make a couple of comments but really could have said nothing. I advised that when returning items to a post office, the first thing they ask you to do is put the parcel on the scales, which made a mockery of the empty envelope theory. They then scan the bar code or QR code, which would require in depth knowledge to be able to alter. I asked if adidas had been to this "altered" post code to recover the goods. The tracking provided by Royal Mail remarked "delivered no signature" I pointed out that adidas claim I was refund within 18 minutes but also say they refunded me following a call I had made chasing my refund, a total contradiction The judge then moved onto his decision. He started by saying that he had no doubt whatsoever that Adidas not received the returned goods. At this my stomach totally dropped.  He then said he had absolutely no doubt that I had returned the goods in good faith, and that the return system was obviously flawed for Adidas to have lost £10.4m. Adidas had provided absolutely no evidence to prove otherwise, and on that basis case dismissed. I walked out to the car park with the Adidas rep who advised me that there was absolutely no chance I was ever going to lose. If he had told Adidas what he thought of their case and evidence he wouldn't get any more work, they had no case whatsoever I am quite certain I will have missed some details of the day so quite happy to answer any questions that may jog my memory
  • Our picks

    • If you are buying a used car – you need to read this survival guide.
      • 1 reply
    • Hello,

      On 15/1/24 booked appointment with Big Motoring World (BMW) to view a mini on 17/1/24 at 8pm at their Enfield dealership.  

      Car was dirty and test drive was two circuits of roundabout on entry to the showroom.  Was p/x my car and rushed by sales exec and a manager into buying the mini and a 3yr warranty that night, sale all wrapped up by 10pm.  They strongly advised me taking warranty out on car that age (2017) and confirmed it was honoured at over 500 UK registered garages.

      The next day, 18/1/24 noticed amber engine warning light on dashboard , immediately phoned BMW aftercare team to ask for it to be investigated asap at nearest garage to me. After 15 mins on hold was told only their 5 service centres across the UK can deal with car issues with earliest date for inspection in March ! Said I’m not happy with that given what sales team advised or driving car. Told an amber warning light only advisory so to drive with caution and call back when light goes red.

      I’m not happy to do this, drive the car or with the after care experience (a sign of further stresses to come) so want a refund and to return the car asap.

      Please can you advise what I need to do today to get this done. 
       

      Many thanks 
      • 81 replies
    • Housing Association property flooding. https://www.consumeractiongroup.co.uk/topic/438641-housing-association-property-flooding/&do=findComment&comment=5124299
      • 161 replies
    • We have finally managed to obtain the transcript of this case.

      The judge's reasoning is very useful and will certainly be helpful in any other cases relating to third-party rights where the customer has contracted with the courier company by using a broker.
      This is generally speaking the problem with using PackLink who are domiciled in Spain and very conveniently out of reach of the British justice system.

      Frankly I don't think that is any accident.

      One of the points that the judge made was that the customers contract with the broker specifically refers to the courier – and it is clear that the courier knows that they are acting for a third party. There is no need to name the third party. They just have to be recognisably part of a class of person – such as a sender or a recipient of the parcel.

      Please note that a recent case against UPS failed on exactly the same issue with the judge held that the Contracts (Rights of Third Parties) Act 1999 did not apply.

      We will be getting that transcript very soon. We will look at it and we will understand how the judge made such catastrophic mistakes. It was a very poor judgement.
      We will be recommending that people do include this adverse judgement in their bundle so that when they go to county court the judge will see both sides and see the arguments against this adverse judgement.
      Also, we will be to demonstrate to the judge that we are fair-minded and that we don't mind bringing everything to the attention of the judge even if it is against our own interests.
      This is good ethical practice.

      It would be very nice if the parcel delivery companies – including EVRi – practised this kind of thing as well.

       

      OT APPROVED, 365MC637, FAROOQ, EVRi, 12.07.23 (BRENT) - J v4.pdf
        • Like

Ebay - Account breached


Matthew31
style="text-align: center;">  

Thread Locked

because no one has posted on it for the last 2661 days.

If you need to add something to this thread then

 

Please click the "Report " link

 

at the bottom of one of the posts.

 

If you want to post a new story then

Please

Start your own new thread

That way you will attract more attention to your story and get more visitors and more help 

 

Thanks

Recommended Posts

Hey, just wanting to know where I stand.

 

Let me start with saying i'm no newbie to computers and this wasn't a case of me giving away my login details via some [problem]/phishing email.

 

 

I have more than 20 years computer/internet experience under my belt and even have no use for anti-virus software (put it this way, I know to avoid anything which might gain me a virus and know the system registry and background tasks like the back of my hand).

 

My ebay account has been up and running for just over 15 years without a problem.

 

eBay has always been fine for me.

 

 

To cut it short, the past few days the money in my bank didn't quite add up.

Something was pending for £30. I guessed it might just be their systems catching up.

 

I had a look at my eBay account and shocking to me was a purchase done a few days ago for a computer game priced at £30.

 

I knew it wasn't me or anyone else I knew who made that purchase.

Some cheeky sod has well and truly defrauded me out of money.

 

 

They bought the game (which includes a download code and a disc).

 

 

They read the eBay inbox message with the download code,

redeemed it and got the disc

(which is useless as the code has been redeemed)

dispatched to my old address that was still saved on my account.

 

They even tried to hide the fact by paying for it,

not out of my linked PayPal account direct

(which shows on my PayPal account transactions),

but via my debit card saved on my eBay account

(that processes through PayPal but doesn't show up in my PayPal transactions history).

 

 

The only way I can imagine this happened was because of ebay's 2014 data breach and now how frequently they require someone to change their password. About a week ago I logged into my eBay account (via a typed address) and was forced to change my password. My current password was secure (7 digits long, 2 capital and 1 non capital letter), but as I would struggle to remember another similar password, I used a basic password I used to use 10 years ago. It's possible that login/password combo was saved by a bot all those years ago and was detected as being my new password and the account was accessed.

 

 

Where do I stand now?

 

It shows on my bank account as card payment to paypal. The bank have cancelled my card and i'm guessing they could do a chargeback that will likely cause me fees with PayPal and a suspended account.

 

Will PayPal/eBay refund this? Considering the voucher would have been redeemed by now.

 

Thanks

Link to post
Share on other sites

First report to Action Fraud which i think you can do online

 

Second report to Ebay and ask them what they can do to help.

 

You don't want to do any chargeback, as you will just get Ebay treating you as a debtor. Ebay won't refund, unless there is any evidence of them being at fault.

 

Before you do the above. If you think about this, why have you been targetted in this way and only for £30. You need to check with Ebay to make sure no other attempts to use your details have been made. Have you ever given away an old computer/laptop to a friend/relative or sold/traded in an old one ? Have you ever used someone elses computer to use Ebay and have forgotten about it ? I have a gut feeling that this is not an Ebay hack, but it might just be someone has used an old computer you have used for Ebay and they have found your Ebay log in. To test it out, they have made a £30 purchase. If it were a criminal, i suspect they might have made a higher cost purchase or this was just a tester with more transactions to follow.

We could do with some help from you.

PLEASE HELP US TO KEEP THIS SITE RUNNING EVERY POUND DONATED WILL HELP US TO KEEP HELPING OTHERS

 

 Have we helped you ...?         Please Donate button to the Consumer Action Group

 

If you want advice on your thread please PM me a link to your thread

Link to post
Share on other sites

Thank you for the reply.

 

The thing is, I only had that much left in my bank so it was the only thing they could take.

 

The only thing I can imagine it being is a few years ago I lost my mobile phone. It didn't have a lock on the screen. It was reported to my phone provider and all they could do was cancel the sim. I think this was linked to my google+ account (Which stores passwords and updated passwords).

 

If someone recently found this phone, charged it up and got into my eBay account, they might have made the purchase.

 

Whoever did it, knew what they were doing.

 

As soon as they got access to the account they changed the password and notification settings (So I wouldn't receive an email if they bought something).

 

Thank you, I will report it to actionfraud

Link to post
Share on other sites

I agree with UB.

 

I think you also need to be careful as you mentioned you have no need for antivirus software due to your computer knowledge.

 

I can appreciate what you are saying but how can you be 100% sure there is no infection in your device?

 

Are you using any protection on your device i.e. anti-spyware, firewall etc)

How to Upload Documents/Images on CAG - **INSTRUCTIONS CLICK HERE**

FORUM RULES - Please ensure to read these before posting **FORUM RULES CLICK HERE**

I cannot give any advice by PM - If you provide a link to your Thread then I will be happy to offer advice there.

I advise to the best of my ability, but I am not a qualified professional, benefits lawyer nor Welfare Rights Adviser.

Please Donate button to the Consumer Action Group

Link to post
Share on other sites

100% because I am an expert. Over 20 years experience and a wide computer knowledge. Viruses come in several forms including crypto (ransomware) and keylogger.

 

Anti-virus software is mostly just there as insurance. It allows people to carry on with their normal activities but gets them out of a potentially bad situation if they download something they shouldn't have.

 

The most common ways of compromising someones account these days doesn't even require the host system to download a virus. It's through the spoof emails people get that pretend to be from a certain company requiring them to enter their password. The user is then redirected to a page that looks exactly like the website (except the url wouldn't be correct) where they enter their password and the fraudster can then access their account.

 

The other is via dodgy email attachments that can either be keylogging software (tracks username and password entries, sends them back to fraudster) or ransomware (password encrypts the users most important folders like "my pictures" and demands payment within 48 hours for the code to unlock the folder again).

 

Even "hacking" doesn't exist on the scale it's mentioned in the media. Normally what happens is someone falls for a spoof email, they give their details away, end up becoming a victim to fraud and the report is along the lines of they were "hacked". Hacking these days is an overused term and really the only 2 ways of "hacking" that are common are DDos attacks (sending excess traffic to a website via many "host" infected systems) that overload servers so the website goes offline, and brute force hacking (running software that generates millions of password that tries each password until they get in). Although the brute force method is becoming more and more uncommon due to account servers only allowing a certain amount of attempts before locking the account or requiring CAPTCHA codes.

 

 

15 years ago I stopped using anti-virus software when my computer knowledge got to an expert level. Since all this software did was slow down my system with routine scans and never found any viruses.

 

Today, just to confirm what I already knew I downloaded Norton anti-virus. I have a premium licence that was included with my ISP package that I never used before.

 

I activated it, did a full system scan and the results as expected were no viruses were found. So the only ways this could have happened:

 

 

1) Someone found my long lost phone and got into my eBay account via the connected google account which automatically syncs any password changes.

 

2) The forced password change. As said, quite recently when logging into my account, I was forced to change my password due to when they were compromised in 2014 and user details were leaked. As I couldn't think of any new password I would remember, I changed it back to an old password I used to use. So maybe if that password was on the compromised list, someone might have tried it recently.

 

 

 

So far I have reported it to actionfraud and also to PayPal. PayPal have told me there is no unathorised activity logged on my account (and they even told me, that instead, if I am unhappy with the item I "purchased", I should contact the seller to arrange for a refund). Ebay have been very difficult to contact

Link to post
Share on other sites

The strange thing about any device used to make this payment to Ebay is that normally the 3 digit security code from the back of the card is missing in the relevant data field, so if someone gets hold of your device they can't make an unauthorised payment. They could guess, but difficult.

 

Ebay can confirm what data was used to make this purchase. If they interrogate the data, they might also be able to confirm what device was used to make the payment. When you process any debit card transaction online, loads of other data is sent and in these type of circumstances it can be useful.

We could do with some help from you.

PLEASE HELP US TO KEEP THIS SITE RUNNING EVERY POUND DONATED WILL HELP US TO KEEP HELPING OTHERS

 

 Have we helped you ...?         Please Donate button to the Consumer Action Group

 

If you want advice on your thread please PM me a link to your thread

Link to post
Share on other sites

>Pastebins of comprimised accounts from other websites that you are registered to

>Brute force using Rainbow tables

>Hidden software on your PC that an AV wouldn't pick up Norton is bad for this

 

An IT expert using this - "syncs any password changes," I don't understand why people use these save passwords options etc, if your browser, account or whatever you are storing passwords gets compramised then that's it they get all your saved passwords that can be exported to clear text using varities of free software.

 

For an expert you don't seem to demonstrate much care for a secure system. There are alot of optimized and well maintaned A/Vs out there that don't slow down your system or throttle your internet connection.

Link to post
Share on other sites

I'm sorry, but I must agree pixel, you make yourself sound quite tech "unsavvy" the way you are speaking.

 

For a tech, the absolute minimum is changing passwords often and keeping an up to date antivirus.

And there are many more ways of getting viruses on your pc than what you have quoted.

 

I'm sorry, but not changing passwords, not having any antivirus, not keeping tech secure and then not changing passwords after you have lost said unsecured tech is a fine way to fall foul of hackers /[problematic]/id thieves.

 

How do you know that a government website wasn't hacked, you then logged on their to do something and downloaded a virus from there without even realising.

 

Also, virus scanning AFTER an event is often useless as a lot of viruses will shred themselves to avoid detection once it has what it wants.

 

Personally, id write of the £30, get a decent antivirus and move on.

Link to post
Share on other sites

I agree with Grumpy and Pixel, to use a crude analogy it's like visiting a certain part of Amsterdam without a 'raincoat' because you know the signs, symptoms and transmission routes of STI's and think that the knowledge itself protects you. You've just been charged £30 to find out the hard way that your expert status offers no more protection from cyber crime than a cotton tshirt does during a storm.

My views are my own and are not representative of any organisation. if you've found my post helpful please click on the star below.

Link to post
Share on other sites

As it turned out, this breach wasn't anything to do with anti-virus, ebay or Paypal. It was to do with someone accessing my email account and using it to change my password on ebay.

 

What they did was accessed my email, set filters to incoming ebay and paypal emails so it's diverted to my deleted folder (So I wouldn't see any future emails from ebay in case they did flag it as suspicious.

 

 

 

People say about changing your password frequently, but, there is actually no way to change your password via orange's webmail system. For anyone who knows what webmail platform I am talking about, it's email.orange.co.uk.

 

See it this way, a fraudster gains access to someones account. Bingo! The first thing they would do is change the password right? Of course they would. Even the fraudster didn't change my email password because there is no way for them to change it.

 

 

I personally spoke to orange's support earlier and had this out with them.

 

 

Here goes.....

 

 

The email address in question was provided to me when I lived at my old address with the internet connection I had there. When I moved, I cancelled the internet connection and as I was using the email address still, they kept this email address active.

 

Normally, to change your password for this email, you log in to your broadband account using the email address, then change your password there (which also changes it for the email address). That is the only way to change your password.

 

In my case, I had no broadband account active to log into. So there has been no direct way to change my password.

 

I was told, most people either change email address when they change ISP, or, use the pop3 settings through a mail reader like outlook (which, rather than store emails in the webmail, pushes them to the device and stores them there).

 

They told me, in future, if I still want to use my email address via the webmail platform and want to change my password frequently, I will need to select "forgot password" and change it via that method.

 

Orange/EE have as a result of this offered a form of compensation.

 

 

 

As for eBay, they have now logged it as unathorised access to my account and told me I am to contact either my bank or PayPal to get a refund of the full amount.

 

 

 

Attachment show the filters the fraudster set on my email account so I wouldn't see incoming ebay and paypal emails and also that there is indeed no way to change the password via webmail

 

Filter1.png

Webmail 2.png

Orange webmail 1.png

Filter2.png

Webmail 2.png

Link to post
Share on other sites

How did they get hold of your Orange email address and do this ?

 

Surely Ebay have details of the IP address location of where this happened.

 

If this relates to information on the lost mobile phone, what other account information have they obtained and tried to use ?

We could do with some help from you.

PLEASE HELP US TO KEEP THIS SITE RUNNING EVERY POUND DONATED WILL HELP US TO KEEP HELPING OTHERS

 

 Have we helped you ...?         Please Donate button to the Consumer Action Group

 

If you want advice on your thread please PM me a link to your thread

Link to post
Share on other sites

not needed as it is set as a DD not a distance payment.

There are specific frauds that only work on ebsy, one of those is putting a flase page over the top of a genuine one so when you go to the real item you are interested in the fake page masks it but appears identical to the viewer. If you the enter anything into this page-ie show an interest in buying the item for example the mask then follows your activity and harvest your data so you username, pw and links to paypal accoutns are compromised. sometime the thieves do the same with a walk through vis just a few pixels on the genuine page so hover over a small are of the item for sale for example and you will connect to the fake page. Again this allows the bad uns to harvest certain information they will then use to oredr stuff at your expense, oftem non tangible items like gaming codes but they sometimes buy their own listed items. Coin seller in China use to use that trick.

The strange thing about any device used to make this payment to Ebay is that normally the 3 digit security code from the back of the card is missing in the relevant data field, so if someone gets hold of your device they can't make an unauthorised payment. They could guess, but difficult.

 

Ebay can confirm what data was used to make this purchase. If they interrogate the data, they might also be able to confirm what device was used to make the payment. When you process any debit card transaction online, loads of other data is sent and in these type of circumstances it can be useful.

Link to post
Share on other sites

  • Recently Browsing   0 Caggers

    • No registered users viewing this page.

  • Have we helped you ...?


×
×
  • Create New...