For many of our Phoenix area construction, architectural, and engineering clients, eBay can be an effective marketplace for procuring equipment and supplies. It is also a large successful platform that makes it an attractive target for thieves and hackers trying to easily convert your assets into their assets.
It seems that eBay is fighting fraudulent eBay purchases by scanning your computer for Windows remote access programs when you navigate to their site.
Why: Many users save credentials to login to their eBay site and the attackers were able to take control of compromised computers via remote access programs, log in to eBay, and make fraudulent purchases. This type of hack is often referred to as a Remote Access Trojans or (RAT).
Cases reported included gift card purchases, iPhone purchases, and PayPal transfers.
Here are some descriptions from victims:
"The hacker got into my work PC. I have my email passwords set to auto log in. They were able to reset my amazon and PayPal passwords and made nearly $500 worth of purchases."
"Computer was accessed via TeamViewer remotely and roughly $4,000 was transferred via PayPal to various random PayPal addresses."
"At 5:11 am PST while I was still asleep, the culprits logged into my secondary office computer and the first thing they did is log into my Gmail account and set it to forward my all my incoming email to this address: firstname.lastname@example.org, then immediately logged into Amazon thru my browser and ordered $150 worth of XBox gift cards. Further, they logged into my PayPal account then ordered $200 worth of iTunes cards. They also tried eBay but I don't have an account there anymore. Finally logged into some Netherlands website that exchanges gift cards for cash (I assume to cash out all the gift cards they stole) Connection closed at 5:22 AM, so they were in and out of my machine fast and it was well rehearsed in my opinion.
I checked my Teamviewer logs and the last TV connection was from user # 813531960 (which is unknown to me) I'm still on the hook with PayPal for $200 and steaming mad about it."
Bleeping computer recently reported that they detected 14 different ports being scanned by eBay to help prevent such attacks. Our founding member, John Finnigan offered this analogy, "An act like this would be like a person walking around the neighborhood, rattling your door to see if it is locked. eBays intentions might be good, but the act is still intrusive." It can make doing business with eBay difficult if you use any of the tools they have flagged as high risk for legitimate reasons, and it is information if it were ever to fall into the wrong hands via a data breach it could be used by hackers to quickly identify vulnerable computers.
The question is: Is a port scan like this an acceptable way to mitigate the risk of businesses and protect sellers and their customers or are they intrusive? If you have an opinion, we would love to hear about it in the comments.
If you want more technical details: Link to Bleeping Computer's Original Article
How to do you fix this? Make sure that you’re not using the ports listed, and make sure that your computer requires you to re-enter your passwords each time you unlock the screen. And of course, never leave your computer without locking the screen.