I just sold my Gateway M675 laptop on eBay a second time (after writing a long blog post about my experiences).  This time I added a Buy It Now price so it ended a lot sooner.  This sale was to an account that was created today and didn’t have any selling/buying history.  I did a google search for the phone number listed and it didn’t return any results.  I also did a google search for the address and it looks like the address is the address of the Quality Hotel Times Square (157 W 47th St, New York, NY  10036).  I just tried calling the phone number and it has been disconnected.  This is starting to get really frustrating.  I’m beginning to lose faith in mainkind and eBay.

After I report it to eBay I think I’ll call the hotel to see if someone by that name is staying there.  It’ll be an interesting experiment.  I think I’ll have to see if I can restrict the auction so no user account without any purchasing/selling history can bid on it.

Does anyone have any tips for preventing this kind of thing when selling items on eBay?

If you were interested in purchasing my laptop today is your lucky day.  It has been relisted due to the winning bidder’s account getting hijacked by someone wanting me to ship the laptop to Nigeria.  It is a really decent laptop and should make a great home/office computer for someone.

Item #150170879691 - “GATEWAY M675 P4 HT 2.6GHZ 2GB 80GB CDRW 17″ WIRELESS“ - Start Date/Time:  10/11/2007 @ 12:30PM EST (9:30AM PDT)

<rant>I’m really tired of all the scammers out there sending out spoof e-mails from banks, eBay, PayPal, etc.  I’m tired of all the spammers sending out junk e-mail trying to send me billions of dollars because someone in Nigeria has died.  Luckily ExchangeDefender can take care of the symptoms of the spam problem.  However, the source of the problem still exists.  It would be awesome if there was some way to magically find all of the scammers to lock them up and throw away the key.</rant>

There are other people (example1, example2, example3) that were asking about this same scam on eBay over a year ago (as early as 08/15/2006).  In fact, they even listed the same shipping address as the one sent to me.  You would think the police would eventually shut this guy down.

The address listed was:
Adeyemi .A. Bolarinwa
No 12 Dikat House
Ring Road, Ibadan
Oyo State, Nigeria  23402

Here are some things that should raise some red flags about the e-mail screenshots that I posted below:

1. The buyer wants the seller to ship the item to an alternate mailing address.  This should raise a red flag in your mind (especially if it is an address in Nigeria). 
   TIP: Only ship to the shipping address listed by PayPal/eBay as the buyer’s address.  Also, usually only verified PayPal addresses give you protection when selling items on eBay.  I would also recommend trying to independently verify the buyer’s contact information (i.e. if their phone number is listed in the white pages you can type it into google and it will give you their home address).  Make sure you also use a reputable shipping company and be sure to get a tracking number.  Insurance might also be a good idea but I’m not sure if it protects against fraud or only shipping damages.
2. The e-mail address in the e-mail messages is a fake e-mail address (i.e. on the PayPal e-mail the e-mail address ends in @officeemail.net instead of @paypal.com which is a big red flag).
   TIP: The e-mail addresses should always end in @paypal.com or @ebay.com.  You should also be careful because the from address in e-mail messages is easy to spoof.  If you get an e-mail that you think is a spoof (even if you aren’t 100% sure) please forward the e-mail message to spoof@ebay.com or spoof@paypal.com right away.
3. Official e-mail messages from eBay and PayPal will also usually have corresponding messages that show-up on their website after you login to your account but these messages didn’t show up there for me.
   TIP: Don’t click on the website links in the e-mail but open your web browser and manually type in http://www.paypal.com or http://www.ebay.com instead.  One way accounts get hijacked is by tricking people into going to a website that looks like the real website but instead captures your login credentials and sends it to the scammer.  If they start asking you for personal information (i.e. social security numbers, credit card numbers, etc.) that should definately raise a red flag in your mind.  If you think it is a spoof e-mail (or website) please report it to eBay or PayPal right away.
   TIP: PayPal and eBay will never ask you for your personal information in an e-mail message.  If you get an e-mail that you think is a spoof (even if you aren’t 100% sure) please forward the e-mail message to spoof@ebay.com or spoof@paypal.com right away.
4. They try to make it sound like the payment has already been sent and ask you to ship out the item right away.  However, in my case the e-mail didn’t list the correct payment amount and when I signed in to PayPal there were no notices of any payments or pending payments sent.
   TIP: Never ship the item out without confirming that the payment has been received and has cleared the bank.  Be sure to login to PayPal by manually typing the address into your web browser and verify that the money is there before shipping your item.

Additional Information:

• eBay Spoof Tutorial
• PayPal Security Center:
  • PayPal Online Safety Essentials
  • PayPal Phishing Guide
  • PayPal Identity Theft Guide

Fake PayPal E-mail:

Fake E-mail From Buyer:

Fake eBay E-mail:

Commencing at midnight, August 15th, 2007 we will start relaying mail using the two new subnets announced a few weeks ago. We have also provided a helpful guide to setting up IP restrictions with Exchange 2003. It is also recommended that you enforce IP restrictions on your firewall depending on your network topology.

For the entire blog post please visit the Own Web Now Blog.

Straight from the Own Web Now Blog:

ExchangeDefender v3.1 core is now live.

Over the next five days we will go through the core aspects of ExchangeDefender and all the new features. We will provide ample screenshots and feature details so you can best implement ExchangeDefender in your day-to-day email management.

Keep an eye on our blog at http://www.ownwebnow.com/blog

Today ExchangeDefender subscribers will be getting a free new feature called LiveArchive.  I am very excited about this new feature because it will allow businesses to keep using their company e-mail accounts even if their mail server isn’t accessible for some reason.  If you don’t have the ExchangeDefender service and would like to find out more about it please let me know.  I’ll be glad to send you more information and help you get setup.  It has cut the time I spend dealing with junk e-mail down to less than 5 minutes a day.

Here is a copy of the announcement on the Own Web Now Blog:

We are very excited to announce that after months of development and beta testing, ExchangeDefender LiveArchive is officially launching this Monday, August 6th, 2007.

What is LiveArchive you ask? LiveArchive is a provision for business continuity - to allow your business to stay in business and keep on communicating even if your mail server, Internet connection or other means interfere with the mail flow to your mailbox. As e-mail is being processed by ExchangeDefender it is copied to a live mail server. The original message is delivered to your corporate mail server or sits in the queue if your mail server is down. At any time you have access to the past seven days of email via secure, web based interface available from anywhere you can browse the web. The connection is secured using commerce-grade SSL, the logins and access are audited for compliance purposes and even on-disk encryption is supported.

The best part? Well, it’s free. Yes, free as in each mailbox you currently have protected by ExchangeDefender can have a LiveArchive feature enabled through the control panel at no additional cost to you. As an additional show of appreciation for our community, LiveArchive is offered free of charge to the Florida government organizations and emergency operations during the hurricane season and has been in beta testing since March.

There is an old saying that if something seems too good to be true it probably is.  Well, the same thing definitely applies to webhosting companies.  I had a few bad experiences with cheap webhosting companies a couple years back.  The worst experience, by far, was with a company called Global Internet Solutions (or GISOL) back in 2003.  I thought it was over when I finally got my money back.  However, I am still seeing the negative effects of GISOL four years later through the eyes of other people who are in the same boat now as I was four years ago.

At first when I was dealing with GISOL I figured I could just get a refund and everything would be fine.  However, it was literally impossible to get anyone on the phone and I had a lot of trouble getting them to respond to my trouble tickets.  The more I tried to deal with GISOL the more I realized it seemed like it was a company out to rip people off instead of just a company with bad customer service.  I ended up doing a bunch of legwork to try to find someone at the company I could talk to.  I eventually found GISOL in the California Information Retrieval and Certification (IRC) database.  I also filed a report with the Los Angeles BBB which didn’t help me much personally.  In fact, they have 4 different Company IDs listed in the Los Angeles BBB and they all have “F” ratings.  They are listed there as Best Internet Services, G I S, GISOL, Inc., and Global Internet Solutions.

It was in the middle of trying to get my money back that I realized the problem was bigger than just me and it was probably happening to others as well.  They didn’t seem to just have bad customer services, they seemed out to rip people off.  It was at this time that I decided to start a website to warn people about the company in the hopes that other people would find it before they got into trouble.  In the spirit of the aolsucks.org website I decided to name it gisolsucks.com.  Every now and then someone would e-mail me or call me and tell me their personal horror story of dealing with GISOL.

I had thought about taking the website down over the past few years because I didn’t want to take the time to maintain it but always ended up deciding to leave it up in its current form.  It was the occasional e-mails I would receive from previous customers of GISOL that made me realize it really was helping people in some small way.  Within the past week or so I got a call from a previous customer of theirs who wanted to start a class action lawsuit against GISOL.  He created a website and forum for other previous customers to come together as a group to share horror stories and put together a solid case against GISOL.  If you are a previous client of GISOL you should visit their class action website at gisolclassaction.com.

This is where the story gets even more interesting.  This past Sunday (07/22/07), only a few days after hearing about a possible class action lawsuit against GISOL, I received a phone call at 10:54pm from someone who claimed to work for my webhosting company (the Caller ID was blocked).  They said that they received a court order to take down gisolsucks.com and they called me as a courtesy instead of disabling my accounts.  They mentioned something about a class action lawsuit and that taking the anti-GISOL websites down was part of the conditions of the settlement.  I asked if they could send me more information on the settlement or court order but they didn’t seem to have anything they could send me.  This seemed suspicious to me at the time but I took the site down anyway because I figured I was better off safe than sorry.  I made sure I had a good backup of the site first just in case.  I contacted my webhosting company today to confirm that the person who called me on Sunday was actually an employee of theirs and to have a copy of the court order faxed to me.  They said that they wouldn’t have called on a weekend, the Caller ID shouldn’t have been blocked, and that they would have opened a trouble ticket for it.  I thanked them for the information and decided to put the website back up to continue warning people about GISOL’s malicious business practices.

I haven’t had any “skin in the game” since I got my money refunded to me in 2004.  I am currently partnered with a couple reputable companies and am providing my clients with decent webhosting services for a reasonable fee.  However, I really hate to see others go through what I went through (or worse).  If I can help at least a few people with my gisolsucks.com website then the extra hassle of keeping it up will be well worth it.  I’ve heard many horror stories in the past few years about GISOL and it really frustrates me to know there are companies out there like that.

More Information:

• http://www.gisolsucks.com (My website detailing my personal experience with GISOL.  It is down right now but should be back up sometime tomorrow.)
• Caveat Emptor: Global Internet Solutions (GISol)
• Digg - Beware of GISOL (Global Internet Solutions)
• Web Hosting Reviews: GISOL
• http://www.gisol.ca/ - Another victim of GISOL