Monday, October 08, 2007

The continuing saga of Vladuz and Phishing on eBay

Here is an update to the ongoing saga of Vladuz versus eBay. Apparently, Vladuz, or someone claiming to be him, accessed eBay's servers and suspended some eBay accounts.

Ina Steiner reports on the AuctionBytes blog:

eBay confirmed that a known fraudster had limited access to a very small number of eBay accounts on the eBay.com site and the company appeared to have reacted quickly to block him on Friday. eBay spokesperson Nichola Sharpe said, "At no point did the fraudster get any access to financial information or other sensitive information." In a strange twist, some users reporting the incident said they had been openly critical of a hacker calling himself Vladuz and had been suspended briefly during the incident.
It is strange that some of the people suspended were openly critical of Vladuz.

Notably, this is the first time eBay has admitted Vladuz accessed their servers.

In another development, eBay, PayPal and Yahoo are joining forces to combat phishing. Phishing is a phenomenon that has caused a lot of eBay and PayPal account holders a lot of grief. Experts maintain that eBay and PayPal are the two most phished brands out there.

Phishing is where an account holder is duped into giving up their access information via social engineering (trickery).

The intent of the phishermen who target eBay/PayPal accounts is normally to take the account over and commit even more fraud.

This activity gets more sophisticated all the time with crimeware (malware) being used (which steals the information automatically), and DIY (do-it-yourself) phishing and hacking kits being marketed in underground Internet forums.

Reuters, courtesy of the Washington Post, is reporting:
EBay and PayPal have upgraded their computer systems to support an emerging technology standard known as DomainKeys invented by Yahoo that authenticates e-mail senders are who they say they are, allowing Yahoo to block fake e-mails.

The technology upgrade will be made available to Yahoo Mail users worldwide over the next several weeks, the company said.
If you are interested in how bad the phishing phenomenon is getting, the National Consumers League has a very well written and informative paper on the subject, here.

They also have an interesting document which, although a little dated, shows the increase in auction fraud and calls out that eBay severed their ties with them.

It should be noted that auction fraud doesn't only occur on eBay. It can and does happen on all the auction sites. The reason we hear more about it on eBay is that they are used by more people than the other sites.

For the scammers that means there are more potential victims to harvest there.

NCL article on auction fraud, here.

AuctionBytes blog post on this, here.

Reuters story on eBay/PayPal's efforts to combat phishing, here.

Here is my most recent post about Vladuz allegedly raising his head again:

Did Vladuz hack eBay, or is stockpiled stolen information being used to make it look like he did?
