Skip to main content

Replies sorted oldest to newest

Hi itsjustme,

Thanks for posting about your experience here. I reviewed your Auctiva account and was unable to find any evidence that our system sent you an email like the one you described recently, so this is something that I would like to look into further. I suspect the email was a SPOOF of some sort, but I would need to review the email to form a more confident conclusion.

If you still have this email, please contact our customer support team and ask us to provide you with an email address that you can forward the email to. I will be happy to take a look at it and let you know what I am able to find out.

-Mike
Well, well. Maybe this EXPLAINS why my Auctiva account was HIJACKED today...?

Yup. After over 4 hours (for real - FOUR hours) on the phone w/ eBay, thinking that my EBAY account was hacked, we finally figured out that my AUCTIVA account was hacked.

So I came to these boards to find out if anyone else's was hacked and ran across this post. OMG, and I am SO SMART about spam, spoof, phishing! I remember "validating my new token" just last week, from my iPad. I did NOT see any "s" after the http, which made me wonder...but I figured the links appear differently on my iPad.

Today some hacker listed 5 different iPads/iPhones onto eBay from MY Auctiva account. I was getting emails that my $400 items sold. I didn't have any iPads, etc. so I called eBay immediately. Even they were stumped and they probably just stopped investigating when we discovered this together on the phone just 30 minutes ago.

YOU HAVE NO IDEA HOW SCARED & PISSED I was, and what a BAD DAY I've had today. Even lost the motherboard on my BRAND NEW PC I got for Christmas.

I wrote Auctiva about this a half hour ago. I want to know if I should leave this hacker's stuff on my account here, or delete the stuff. ?? eBay told me that they contacted Auctiva staff and that I should expect a call from Auctiva "tonight".

So tonight when I logged in, I got ANOTHER message to "validate a new token", so I did. I only hope that I gave it to the legit site!

Meanwhile, I've changed p/w's on most all of my online accounts. I'm sure I can't be the only one this has happened to, and Auctiva SHOULD WARN other sellers about this...now.

And today eBay ended 103 of my listings, including auctions, and I have to relist them all manually because Auctiva's "Closed Listings" bulk relist tool hasn't worked for 3 weeks now ~ they're taking their sweet time fixing that!

And I'm not going to bulk list them w/ eBay's relisting tool because I want them spaced out. So I am losing a lot of money over this. What a freakin day!!!!!
Sorry for the problems you two had. . .

While I to my knowledge have not had this issue, I appreciate the thumbs up. I frankly would not know what to look for. . and let's face it most people do not "really" check the links.

I am glad to at least know about what this is looks like so would not touch anything that resembles it.

Big question, HOW is someone getting our auctiva information to send this? Could this possibly be their system has been hacked into?? Or that possibly an employee has gotten this information? Not saying an employee has, but I would assume that could be possible. Or information obviously is all over the world now. Even my bank agreed that my information is not really "that" safe, especially when things are outsourced.

I am not a computer techie so am wondering how this happens?

Perhaps if auctiva had responded to the first post acknowledging the problem with maybe a warning upon sign it, others would not endure this and this would sure help newbies.

Just a thought...
Thank you for the support, you two. Mike, when I have HOURS into phone support, changing pw's on every site, and at the same time freaking out and feeling scared, double-checking all my info on ALL my registered sites, etc. do you really think I'm going to remember to "check my token" on Auctiva? I've never even done that before, so the thought wouldn't even occur to me.

Sorry, I guess I'm just not as "intelligent" as YOU are. You're the MAN!

Off to go relist part of my 103 auctions that eBay ended for nothing. Just glad they didn't end all 578! (unbeknownst to me, she was ending them while I was on the phone [support], and I happened to check my email while on the phone and freaking out, I yelled, "WHAT THE!!?? Why are my listings ending????!!". At that point, she stopped ending them, or I'd have a completely empty store today.

Wish Auctiva would fix their "Closed Listings" so that I can relist from there, but no....!
womandi, i deleted the closed listings "mistakes" on my own and have not had a recurrence.

so save yourself some time and relist the 103 from closed listings.

it has worked all week and believe me i check every day twice a day for duplicates after the lovely suspension after the auctiva outage.

again, i thank you for such complete documentation. i know it helps me...if nothing else than to know its not just me.

if it weren't for a couple of other folks here on forum i'd never know if the incidents were isolated.
All right people. Play nice.

Just remember ONE rule and your life will be less traumatic:

NEVER EVER CLICK ON ANY LINK IN ANY EMAIL; TRUSTED OR NOT !!!!!

Employees of Auctiva are NOT the bad guys (and gals). It is simple for a crook to look at your listings on eBay, see that you list with Auctiva, buy something cheap from you, get your email, and then send you the bogus request to generate a new token.

I have received these types of emails for years, nothing new. To verify the authenticity of the email, just go to the home page of the organization that supposedly sent the email.

All together now:

"NEVER EVER CLICK ON ANY LINK IN ANY EMAIL."

Now have a nice mellow President's Day.

Doug
quote:
Originally posted by DLOHO:
All right people. Play nice.

Just remember ONE rule and your life will be less traumatic:

NEVER EVER CLICK ON ANY LINK IN ANY EMAIL; TRUSTED OR NOT !!!!!

Employees of Auctiva are NOT the bad guys (and gals). It is simple for a crook to look at your listings on eBay, see that you list with Auctiva, buy something cheap from you, get your email, and then send you the bogus request to generate a new token.

I have received these types of emails for years, nothing new. To verify the authenticity of the email, just go to the home page of the organization that supposedly sent the email.

All together now:

"NEVER EVER CLICK ON ANY LINK IN ANY EMAIL."

Now have a nice mellow President's Day.

Doug


Hi Doug,

Very well put (better than me).

I get at least 3 of these a year on my eBay account and the first thing I do is check my eBay message center and if it's not there I know it is a spoof.

I get one a month about my token from Inkfrog and I closed my account over 2 years ago because they didn't have a clue.

I still stand by that you shouldn't post a possible spoof link in a public forum.
I am not sure who the
quote:
All right people. Play nice.
is meant for. However, I find it condescending to any seller who has had a big issue or any of us. We are not 3 year old children and you the parent (although you may be older and wiser who knows). I believe the forums are to speak your mind just as has been done.

quote:
Employees of Auctiva are NOT the bad guys (and gals)


I do not believe anyone said auctiva employees were the "bad guys" and not sure where you saw that? Sorry if one interpreted my note as saying auctiva employees where the BAD GUYS and GALS but that was that persons interpretation not what was written.

In all honesty we do not KNOW the BAD guys, DO we? Therefore, we have to look at all possibilities and that is one of many that can be thrown out here. Just as their are unscrupulous sellers, buyers, bankers, car dealers, preachers, postal workers, etc., there are that type of people in any business. I do find the radar up on businesses that outsource their customer service that have my information. Sorry, but after my extensive conversation with bank, I have radar up even more now than ever before.

As far as clicking links.. unfortunately, ebay sends notifications with links that are not in our messages all the time. (i.e., item watched reminders, saved watch reminders, daily deals and quite a few others). Yes, possibly we should not click on those, but most people do. How else would you get your saved searches to come up other than doing a search on each item each day?

Other companies send emails with links, how in the world do you have time to check out each company that provides links? Just as the links here on forums, I rarely hesitate to click on those (some I do think twice and do not click). That is how most of us bring business to our site is by including links, so am not sure this NEVER EVER CLICK ON LINK is feasible really.

As far as auctiva, their support questions are responded to with link to their site. Possibly if this is problem they should NOT put the link in their email and just put that they have responded to log into auctiva and check support case? Or perhaps something in place where if token needs updating the person is just told to go to their site and no link in there. Perhaps a NO LINK policy just an email informing person to log in to their auctiva account direct when they get to log in page a note saying you need to do whatever____ or your support case has been answered???

I do not know solution, but know it was very real problem to womandi and itsjustme and auctiva has not addressed on forum since asking that note be sent to them. . so does make one wonder. . .seems like a note of reassurance would be helpful here.

Thanks
Last edited by lookandbuyme
Hi Community,

As some contributors to this thread have pointed out, it is not uncommon for hackers to send out emails purporting to be from Auctiva, or any other service that can be exploited for financial gain, with the intention of stealing the account information of unsuspecting users. It is important to understand that this happens and to treat any emails containing links to pages that ask for sensitive information with caution.

We have seen several variations of SPOOF emails circulate over the years, but the token generation theme seems to be the most common, most likely because the token generation process requires entering both your Auctiva credentials and your eBay credentials and would allow the sender to get both sets of credentials at the same time.

Generally speaking, I would simply recommend not clicking links in emails that ask you for sensitive information. However, you can typically confirm whether an email is a SPOOF by clicking the provided link and looking at the URL of the page you are directed to.

For example, if you click a link in an email that is said to be from Auctiva and you are taken to a page with a URL that does not begin with “www.auctiva.com”, then the email you received is definitely a SPOOF and you should forward it to abuse@auctiva.com so we can work on getting the SPOOF site taken down as soon as possible.

It is difficult to state where these people get the email addresses they send these emails to, but I believe that it was common for them to be parsed from the descriptions of eBay listings and that could have been one of the reasons that eBay no longer allows sellers to enter email addresses in listings. We hear from some sellers who have received these emails even though they have never signed up for Auctiva before.

Also, remember that you can always generate a new token directly through your Auctiva account by logging in through Auctiva.com, mousing over the “My Account” tab, selecting the “eBay” option under “Settings” and then clicking the “Get New Token” on that page to avoid any possibility you might be biting on a SPOOF email.

I hope you find some of this information to be helpful. If you have any other questions, please feel free to contact our customer support team by mousing over the “Help” tab and selecting the “File Support Case” option.

-Mike

Add Reply

Copyright © 1999-2018 Auctiva.com. All rights reserved.
×
×
×
×
Link copied to your clipboard.
×