Saturday, December 17, 2005

eBay Needs to Protect Those that Line it's Pockets

The amount of fraud on auction sites has been steadily increasing and auctions are under attack by fraudsters, who use many methods to commit their financial misdeeds, or combinations thereof. Seller accounts are being taken over and users are victims of phishing scams. Counterfeit, recalled and stolen merchandise is routinely for sale AND fraudulent means of payment are being used to purchase items.

Does it seem like a "Scam Free for All?"

The BBC recently reported:

"Criminals are obtaining the secret passwords of eBay subscribers and using their sites to conduct bogus auctions for non-existent goods.

In a growing number of cases, would-be buyers on the UK's most used website are paying thousands of pounds to apparently reputable sellers after winning auctions on the site - only to find out they had been dealing with criminals."

eBay seems to prefer to blame phishing for the accounts being taken over and blames their users for falling for the scams. They are also blaming users for not having the proper security software on their systems, which leads to malicious software (mainly Keyloggers) being used to steal personal and financial information.

Amazingly enough, the report also states that it can take up to five days to shut down a site selling counterfeit goods and two months to provide information to law enforcement. This means (to me) that since these scams "rotate and mutate" every few days (often using stolen user information) that no one, or only the "stupid" are being caught. By the time (anyone who could do something) can obtain the necessary information, the criminals have moved on to a different identity and the process has to be started all over again.

For the entire story by the BBC, read eBay faces up to online fraud.

My message to the folks at eBay is that they better take a look at upgrading their "authentication systems" and hire some extra security staff. Blogs like mine and many others are trying to educate the very people, who are making them billions and they blame for allowing themselves to be scammed. eBay is no longer the only the only game out there and if they fail to protect those who line their pockets, they are likely to go elsewhere.

Here is a previous post, I did on eBay, XBox Latest Lure in Auction Scams .

Here is another post, I did (partially to educate eBay customers), The Top (Free) Anti-Fraud Resources Found by Fraud, Phishing and Financial Misdeeds.

4 comments:

AdMiez said...

eBay blames his own users and at the same time they stop the community when they do the job they are not doing. Many users, including me, have used accounsts with warning id's (scamcop_do_not_email_or_bid_hijacked, auction_is_a_scam_do_not_bid_or_email) to bid on these bogus items. eBay takes hours to remove the reported auctions and then suspend the accounts being used to warn potential buyers, claiming "site interference". We understand is not our reponsibility to do this, but why don't they have people doing what us the users are able to do? If it were not by the users, who are searching the site reporting the hundreds of fraudulent listings, they will never be removed.

viruswitch said...

You might call me a security paranoid but thats why I dont use the internet to shop. There are just too many ways to violate a system and this scares me. I have been checking every single process that runs on my computer and every single program and system process that wants to connect to the internet. I have been checking the ips they connect to and I often even block processes related to the operating system because I am unsure of their function. And still I dont feel safe, I feel that there are so many ways to find a hole in my system, if someone is determined to penetrate.

I dont know what the companies and governments are going to do, I will not use the internet for auctions and shopping. :D

Scott said...

This company that I have used has developed a technology that is patented and cannot be phished no matter what you throw at them.

www.multipleshiftkey.com
Phone 909-816-8729

viruswitch said...

I dont believe that there is a company that cannot be phished, or a system that cannot be penetrated. :D

Maybe its harder than usual but impossible is nothing.