I just sold my Gateway M675 laptop on eBay a second time (after writing a long blog post about my experiences).  This time I added a Buy It Now price so it ended a lot sooner.  This sale was to an account that was created today and didn’t have any selling/buying history.  I did a google search for the phone number listed and it didn’t return any results.  I also did a google search for the address and it looks like the address is the address of the Quality Hotel Times Square (157 W 47th St, New York, NY  10036).  I just tried calling the phone number and it has been disconnected.  This is starting to get really frustrating.  I’m beginning to lose faith in mainkind and eBay.

After I report it to eBay I think I’ll call the hotel to see if someone by that name is staying there.  It’ll be an interesting experiment.  I think I’ll have to see if I can restrict the auction so no user account without any purchasing/selling history can bid on it.

Does anyone have any tips for preventing this kind of thing when selling items on eBay?

If you were interested in purchasing my laptop today is your lucky day.  It has been relisted due to the winning bidder’s account getting hijacked by someone wanting me to ship the laptop to Nigeria.  It is a really decent laptop and should make a great home/office computer for someone.

Item #150170879691 - “GATEWAY M675 P4 HT 2.6GHZ 2GB 80GB CDRW 17″ WIRELESS“ - Start Date/Time:  10/11/2007 @ 12:30PM EST (9:30AM PDT)

<rant>I’m really tired of all the scammers out there sending out spoof e-mails from banks, eBay, PayPal, etc.  I’m tired of all the spammers sending out junk e-mail trying to send me billions of dollars because someone in Nigeria has died.  Luckily ExchangeDefender can take care of the symptoms of the spam problem.  However, the source of the problem still exists.  It would be awesome if there was some way to magically find all of the scammers to lock them up and throw away the key.</rant>

There are other people (example1, example2, example3) that were asking about this same scam on eBay over a year ago (as early as 08/15/2006).  In fact, they even listed the same shipping address as the one sent to me.  You would think the police would eventually shut this guy down.

The address listed was:
Adeyemi .A. Bolarinwa
No 12 Dikat House
Ring Road, Ibadan
Oyo State, Nigeria  23402

Here are some things that should raise some red flags about the e-mail screenshots that I posted below:

1. The buyer wants the seller to ship the item to an alternate mailing address.  This should raise a red flag in your mind (especially if it is an address in Nigeria). 
   TIP: Only ship to the shipping address listed by PayPal/eBay as the buyer’s address.  Also, usually only verified PayPal addresses give you protection when selling items on eBay.  I would also recommend trying to independently verify the buyer’s contact information (i.e. if their phone number is listed in the white pages you can type it into google and it will give you their home address).  Make sure you also use a reputable shipping company and be sure to get a tracking number.  Insurance might also be a good idea but I’m not sure if it protects against fraud or only shipping damages.
2. The e-mail address in the e-mail messages is a fake e-mail address (i.e. on the PayPal e-mail the e-mail address ends in @officeemail.net instead of @paypal.com which is a big red flag).
   TIP: The e-mail addresses should always end in @paypal.com or @ebay.com.  You should also be careful because the from address in e-mail messages is easy to spoof.  If you get an e-mail that you think is a spoof (even if you aren’t 100% sure) please forward the e-mail message to spoof@ebay.com or spoof@paypal.com right away.
3. Official e-mail messages from eBay and PayPal will also usually have corresponding messages that show-up on their website after you login to your account but these messages didn’t show up there for me.
   TIP: Don’t click on the website links in the e-mail but open your web browser and manually type in http://www.paypal.com or http://www.ebay.com instead.  One way accounts get hijacked is by tricking people into going to a website that looks like the real website but instead captures your login credentials and sends it to the scammer.  If they start asking you for personal information (i.e. social security numbers, credit card numbers, etc.) that should definately raise a red flag in your mind.  If you think it is a spoof e-mail (or website) please report it to eBay or PayPal right away.
   TIP: PayPal and eBay will never ask you for your personal information in an e-mail message.  If you get an e-mail that you think is a spoof (even if you aren’t 100% sure) please forward the e-mail message to spoof@ebay.com or spoof@paypal.com right away.
4. They try to make it sound like the payment has already been sent and ask you to ship out the item right away.  However, in my case the e-mail didn’t list the correct payment amount and when I signed in to PayPal there were no notices of any payments or pending payments sent.
   TIP: Never ship the item out without confirming that the payment has been received and has cleared the bank.  Be sure to login to PayPal by manually typing the address into your web browser and verify that the money is there before shipping your item.

Additional Information:

• eBay Spoof Tutorial
• PayPal Security Center:
  • PayPal Online Safety Essentials
  • PayPal Phishing Guide
  • PayPal Identity Theft Guide

Fake PayPal E-mail:

Fake E-mail From Buyer:

Fake eBay E-mail:

Commencing at midnight, August 15th, 2007 we will start relaying mail using the two new subnets announced a few weeks ago. We have also provided a helpful guide to setting up IP restrictions with Exchange 2003. It is also recommended that you enforce IP restrictions on your firewall depending on your network topology.

For the entire blog post please visit the Own Web Now Blog.

Straight from the Own Web Now Blog:

ExchangeDefender v3.1 core is now live.

Over the next five days we will go through the core aspects of ExchangeDefender and all the new features. We will provide ample screenshots and feature details so you can best implement ExchangeDefender in your day-to-day email management.

Keep an eye on our blog at http://www.ownwebnow.com/blog

Today ExchangeDefender subscribers will be getting a free new feature called LiveArchive.  I am very excited about this new feature because it will allow businesses to keep using their company e-mail accounts even if their mail server isn’t accessible for some reason.  If you don’t have the ExchangeDefender service and would like to find out more about it please let me know.  I’ll be glad to send you more information and help you get setup.  It has cut the time I spend dealing with junk e-mail down to less than 5 minutes a day.

Here is a copy of the announcement on the Own Web Now Blog:

We are very excited to announce that after months of development and beta testing, ExchangeDefender LiveArchive is officially launching this Monday, August 6th, 2007.

What is LiveArchive you ask? LiveArchive is a provision for business continuity - to allow your business to stay in business and keep on communicating even if your mail server, Internet connection or other means interfere with the mail flow to your mailbox. As e-mail is being processed by ExchangeDefender it is copied to a live mail server. The original message is delivered to your corporate mail server or sits in the queue if your mail server is down. At any time you have access to the past seven days of email via secure, web based interface available from anywhere you can browse the web. The connection is secured using commerce-grade SSL, the logins and access are audited for compliance purposes and even on-disk encryption is supported.

The best part? Well, it’s free. Yes, free as in each mailbox you currently have protected by ExchangeDefender can have a LiveArchive feature enabled through the control panel at no additional cost to you. As an additional show of appreciation for our community, LiveArchive is offered free of charge to the Florida government organizations and emergency operations during the hurricane season and has been in beta testing since March.