So I'm clearing out my email before I go to sleep. Decide to clean out a mailbox that's pretty much dead - left over from my old marketing agency days. To my surprise, I see an email from eBay requesting that I pay for an item I supposedly purchased on the site.
I had to shake my head, as I knew I hadn't used this email address in years. I examined the email. In the area where eBay would insert the User ID of the buyer, was a series of numbers. Hmmm, strange ID. I try to check out the headers to see if the email came from eBay. This is close to impossible to do on the phone, so I examined the links - and indeed the email did seem authentic.
Within a few hours, an invoice was sent to the same email address, addressed "Dear 2679302013" with my name appearing at the top of the email.
It's after midnight, so I took to my laptop to research further. I perform an eBay bidder search by going to eBay's advanced search:
I find that this user ID made one purchase (the one I was invoiced for), but the purchase was made while I was on my radio show. I clearly couldn't have made this purchase. The User ID also showed eBay's new user icon with 0 feedback. By clicking on a user's feedback number, you can find out when the user first signed up for eBay. Clicking through I find that they signed up for eBay on a Saturday as well. Hmmm. I usually don't sign up for new accounts when I am on the air.
I went to eBay - and clicked the Customer Service link, hoping to send them an email alerting them of the impersonation. I was amazed to find that eBay's customer service takes phone calls 24 hours a day, 7 days a week. It was after 1 am at this point, but I figured, why not give it a shot.
The customer service representative (working from eBay's Salt Lake City hub) answered the call and listened to my tale of woe. I had forgtten several things:
Lesson learned? If you have old email accounts, be sure to check them regularly. If I would have followed my own advice, I might have noticed the initial registration email that came from eBay (sent 2 days after the user registered the bogus account) welcoming me to the site. I sincerely wonder why eBay no longer requires an email address confirmation from those who open an account. If they'd have, the user would not have been able to make a fraudulent purchase - as I'd not confirmed the authenticity of the address.
I recommend in my books to let brands know when they have done something right; when you are pleased with their service. (They must get so sick of social media complaints, that a compliment usually brightens their day, and the reply with a "thank you." So next morning, I used Twitter to thank @eBay (and @AskeBay) for their CSR's excellent service. All I got back was the sound of crickets - no response.
I had to shake my head, as I knew I hadn't used this email address in years. I examined the email. In the area where eBay would insert the User ID of the buyer, was a series of numbers. Hmmm, strange ID. I try to check out the headers to see if the email came from eBay. This is close to impossible to do on the phone, so I examined the links - and indeed the email did seem authentic.
Within a few hours, an invoice was sent to the same email address, addressed "Dear 2679302013" with my name appearing at the top of the email.
The customer service representative (working from eBay's Salt Lake City hub) answered the call and listened to my tale of woe. I had forgtten several things:
- eBay keeps all the data user's input when you sign up for an account
- IP addresses are attached to transactions
- eBay sends out an email upon opening an account
Lesson learned? If you have old email accounts, be sure to check them regularly. If I would have followed my own advice, I might have noticed the initial registration email that came from eBay (sent 2 days after the user registered the bogus account) welcoming me to the site. I sincerely wonder why eBay no longer requires an email address confirmation from those who open an account. If they'd have, the user would not have been able to make a fraudulent purchase - as I'd not confirmed the authenticity of the address.
I recommend in my books to let brands know when they have done something right; when you are pleased with their service. (They must get so sick of social media complaints, that a compliment usually brightens their day, and the reply with a "thank you." So next morning, I used Twitter to thank @eBay (and @AskeBay) for their CSR's excellent service. All I got back was the sound of crickets - no response.
