eBay potential phishing scam ON eBay web site, eBay would not do anything to help me

Posted Sat March 27, 2010 5:16 am, by Frank F. written to EBay

Write a Letter to this Company  |  Rate this Company

I purchased an item on eBay today, and immediately went to pay for it as I always do. After I made sure the shipping address was correct, I left PayPal as the default payment method, then clicked on Continue under the payment options. The page went to a "Cannot find server or DNS error" page. This normally means that the server is not found, usually because the web site URL is typed in incorrectly. However, I was clicking a button right ON the eBay web site, as part of the payment process. Looking at the URL--it was an ebay.com URL. I tried this in both Internet Explorer as well as FireFox. The error which is often more detailed in FireFox, was, "SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)". I then checked for an SSL certificate (I own a web hosting company, so I am very familiar with all of this), and no SSL certificate could be found. Without an SSL certificate, payment information is NOT SSL encrypted, and therefore, is not safe or recommended to enter payment information or even personal information on a web site without an SSL certificate. This concerned me very much. What also concerned me was that the web page URL still showed it was a page on ebay.com, which made me wonder if this was a phishing site (a phishing site is a site that usually a hacker creates, and makes it look as much like another legitimate web site as possible, in order to get you to enter your personal information...sometimes a bank account username/password, sometimes credit card information, etc.). I have even seen a DNS vulnerability which allowed a hacker (or anyone that knew how) to redirect a web site so that it still looked like you were on the site you went to (such as eBay, PayPal, your bank, etc.), but your information could actually be sent somewhere else.

All of this concerned me greatly. So I contacted eBay through their "eBay Live Chat". I spoke to (chatted with) "May Anne A." for over an hour, as I was figuring out what the issue was the best that I could, being in the IT field all of my life, and the representative told me she didn't know what the problem was. It was clear the payment page would not allow me to pay, so I asked the chat representative after almost an hour to cancel this eBay sale and I would purchase it from another listing that didn't deal with this type of payment (this seller used a specific type of payment interface that takes you somewhere else, which I've never heard of on a site like this). The representative then starting telling me I had to contact the seller myself. I spent 2 HOURS so far in this chat session (I'm still waiting, as I type this), and I asked to speak to a supervisor, but was only given a phone number to call on another day, not right now. After over an hour, I asked to speak to a supervisor again...then was put "on-hold" for an hour (so far, I'm still waiting as I type this), just left here to wait what seems to be endlessly.

In this case, eBay clearly has an issue on their site. Regardless of who's fault it is, it certainly is not the customer's fault by any means, and when the problem comes up, ebay.com is in the web browser address bar. As far as I'm concerned, this is eBay's problem, and they should cancel the sale as requested so I can purchase the item through another listing that does not use this payment interface. At this point, I fear a phishing scam through eBay's web site. The representative didn't seem to care about that or my financial security, and just seemed to get an attitude when I brought up that I was concerned about that. I have this entire process on video, as well as a copy of the useless time-wasting chat with the representative, if anyone would like to see it. It would probably make anyone not want to enter their payment information on eBay in the future.

I'm still waiting for a supervisor, 2 hours 10 minutes, and counting...utterly ridiculous!

All I ever asked eBay to do after one hour of trying to make this work, was cancel the transaction that didn't work anyway, that I had no possibly way to pay for since their web site did not work for that, at that time. Simple as that. They (eBay) made it MY problem, when there was nothing at all I could do about the situation.

Log In/Create an account | 12 comments

del.icio.us      Digg this

PlanetFeedback Comments are subject to strict terms and conditions. We reserve the right to deny site membership privileges to any individuals acting inappropriately.

Re: eBay potential phishing scam ON eBay web site, eBay would not do anything to help me by newuser Posted Wed January 12, 2011 @ 6:03 PM A similar thing happened to me. I was signed in on Ebay's site. Literally, typed in www.ebay.com and signed in. When I signed in it asked me to update my credit card - which by the way - I know I needed to do because it was expired. As I was entering the information, I noticed they wanted my pin number, which raised a red flag for me. I logged out. Shut down my computer. Logged back in on Ebay.com - still the same page and requesting the same information. I decided to wait until the next day and the next day, they didn't ask for any information. I submitted this information to Ebay with my security concerns and have NEVER received any response from them. Also, every time I buy or sell anything on Ebay, I am suddenly inundated with phishing emails almost immediately. That NEVER happens to me with any other Ecommerce site. Obviously, Ebay has big security problems and really doesn't care to fix them. You wonder if Amazon NEVER has any security problems why can't EBay fix theirs? They have nothing but contempt for their buyers and sellers, and if they weren't a monopoly would have been out of business a long time ago. Reply you might also... by PepperElf Posted Mon March 29, 2010 @ 11:20 AM want to make sure that you can access other SSL pages and of course verify if the error exists when accessing the site from another computer. after all, sometimes SSL errors can actually originate with the local computer - as opposed to the server being the one that had the issues. For example, on my last ship, every so often we'd get trouble calls pertaining to issues like "I can't access my bank account" or the Navy Knowledge website. One of the first things we did was to see if they were able to access other https sites. If they could not, then had a quick fix program we could access and run that would clear the error out. For the few times when the error only pertained to a single site, more often than not, that site was specifically down or having their own server issues. Reply Sometimes it's a Firefox error - sometimes you can get through with Explorer by The Original Nethead Mon March 29, 2010 @ 11:58 AM and some sites refuse to work with specific browsers too by PepperElf Tue March 30, 2010 @ 1:14 PM What about Chrome? I use that once in a while by The Original Nethead Fri April 2, 2010 @ 5:08 PM Re: eBay potential phishing scam ON eBay web site, eBay would not do anything to help me by NathanG Posted Sat March 27, 2010 @ 8:25 PM the particular error you got was due to the web designer using Probably apache to host a server and not directing to an open port. Many sellers on ebay redirect you to their personal checkout page which looks different but it works perfectly fine. Freaking out thinking its a phishing page is a little premature. Did it ask for personal information? Or was it just an error page? Did it have any info on the page telling it was a checkout page for that seller? I would contact the seller and tell them what happened, it sounds like they need to reconfigure their server. Reply Vendio? They're fine. ...and you do have to may unless you can get the seller to do a mutual cancel by The Original Nethead Posted Sat March 27, 2010 @ 2:24 PM Vendio checkout is very common for people using mass fixed-priced listings of new goods. If I knew which checkout the seller uses I could tell you if it's on the up and up or a scam. If your seller is overseas they may use something else...and then I'd get nervous too. Once you clicked the Buy button you agreed to the seller's terms, which includes using their third-party checkout system. If it's not working or off-line, contact them and see if they can help or invoice you directly from the Paypal system. Most will. And it beats the **** out of trying to deal with Ebay's so-called customer service. Reply ...drat: insufficient caffeine, operator halted.... make that Pay instead of May by The Original Nethead Sat March 27, 2010 @ 2:29 PM Wasn't Vendio... by Frank F. Sun March 28, 2010 @ 4:40 AM I'm primarily a seller - I DON'T use one of those third party things by The Original Nethead Sun March 28, 2010 @ 11:33 PM Second comment (which will show up as the first one) by The Original Nethead Sun March 28, 2010 @ 11:42 PM "this seller used a specific type of payment interface that takes you somewhere else" by Donno Posted Sat March 27, 2010 @ 9:22 AM I tend to agree with the CSR - you should contact the seller about this. first of all, contacting sellers is a lot easier than contacting Ebay! I have only once made an Ebay purchase that took me elsewhere to pay. It was a lot different than the usual PayPal approach. It seemed odd, but worked. Ebay hosts the seller's ad. If the payment processing takes you elsewhere, based on the seller's ad design, it seems like Ebay's responsibility may end at that point. Reply