RealTime IT News

And the Online Fraud Goes On...

  • eBay account hijacked, bidders bilked in 'rampant' fraud
  • Man pleads not guilty in eBay fraud
  • Two must repay $35,000 to eBay fraud victims
  • Police nab fugitive in eBay fraud case
  • Police - Man arrested for failure to deliver on eBay purchases
  • FBI Seeks Hacker Who Stole eBay Info

The above are all recent headlines found in about 30 seconds' worth of looking on Google News. Apparently, it's safe to say that fraud is still a problem at the world's largest online auction site.

Despite the headlines, however, eBay's official position remains the same: the rate of fraudulent transactions on the site runs about one one-hundredth of one percent, the company says. And Wall Street loves the company, which is beginning to make substantial amounts of money -- perhaps as much as $2 billion this year.

Nevertheless, San Jose, Calif.-based eBay, no doubt because of its immense success and constantly growing user base, remains a continuing target for fraud attempts, as does its PayPal online payments subsidiary, whose users are regularly targeted by scam artists.

Postings like this recent lament on an eBay bulletin board are common:

"someone emailed my highest bidder, offering the same item i have for sale, for a lower price. the thing is, it was a private auction and only the seller (me) can see the bidders. i was surprised when the bidder emailed that he's not interested anymore and that he was offered a cheaper price. i filed a complaint with ebay and then i checked my paypal account. someone used my funds 288 dollars to be exact and paid someone who's not even active on ebay anymore. i never made such payment. i filed a complaint with paypal. the thing is, i lost all the confidence i had on ebay and paypal. how can someone just hack into my accounts and use it?"

One way they can do that, of course, is the all-too-common phony e-mail directing eBay users to a spoof Web site, where they are directed to enter their account names and passwords, sometimes under (false) threats of being banned from the site.

"Dictionary attacks against multi-user domains -- attacks in which spammers do not know specific AOL or Yahoo! e-mail addresses, but instead try many combinations until they succeed in finding a valid address... portend continued fraud attacks," said Rob Leathern, an analyst at Jupiter Research, in a recent report on fraud management. "PayPal has already experienced this combination; once fraudsters have valid e-mail addresses, they can send out e-mails with the look and feel of communications from an established (preferably large) institution that many customers will recognize... [they do this] without even knowing precisely which users are customers of this institution. This kind of 'dartboard' attack poses a danger that cannot be ignored by any firm doing business online."

Here's the text of a typical such e-mail, which falsely stated that it came from eBay: "As part of our continuing commitment to protect your account and to reduce the instance of fraud on our website, we are undertaking a period review of our member accounts. You are requested to visit our site by following the link given below http://www.ebay.com/verification/%?6488820019 Please fill in the required information."

That site is down now, but who knows how much account data was harvested?

Wouldn't people be wise to this scam by now? Not necessarily, said one auction expert.

"There's a constant pool of potential new victims as new sellers sign on to eBay," said David Steiner at AuctionBytes, which covers the world of online auctions. "And I still see a consistently steady stream of scam e-mails."
