Sunday, December 10, 2006

Do you want something for nothing? So do the scam artists!

Do not become a victim of fraud on eBay.

This public service information is brought to you by the members of Team Whack a Hack and The Nekkid Truth Blog.

Crime has moved high-tech and one of its biggest playgrounds is eBay. The international online auction giant has been playing host to thousands of scam artists. The thieves use a variety of tools to hijack legitimate accounts, list items for sale that they do not have, and fool people into sending money via Western Union and MoneyGram, which can be picked up with virtually no identification at scores of locations worldwide, often with corrupt WU employees participating in the scam. The ploys they use to cheat innocent buyers and sellers are limitless, with new ones being thought up every day.

Hundreds, thousands and possibly millions of American consumer dollars are being funneled to criminal outfits overseas as a result of fraud on eBay. Money lost is money not spent here at home.

With eBay's sophisticated software, it seems unbelievable that the company doesn't do more to protect its members. Bill Cobb, President of eBay North America, said in a radio address December 2, 2006, that eBay catches 90% of the fraudulent listings before they are uploaded into the categories for public view. With software that detects third-party intrusions, it seems reasonable to expect eBay to run scans of every account on a daily basis. However, eBay conducts these scans only on accounts that have been reported as suspicious by its members. Daily scans would be an ounce of prevention that would drastically cut down on the number of Account Take Overs (ATOs). Instead, thousands of unpaid volunteers, eBay members themselves, manually police the accounts and ferret out the ATOs. Without special software, this is a time-consuming and often thankless task.

Because of its status as a selling "venue", eBay claims it has no legal duty to police the millions of listings and accounts in its possession. Rather than being proactive about fraud, eBay's approach is to send Technical Knock Out notices (TKOs) that are frequently received by winning bidders after the fact. A conscientious buyer might have already sent payment and lost their money. eBay - you are doing too little, too late! This is not a "venue" - this is people's livelihoods!

eBay profits handsomely from both buyers and sellers. The auction giant has an obligation to provide a safe and secure marketplace in exchange for the fees it charges. eBay should not be a "buyer beware" marketplace where members must solely watch out for themselves. eBay has fostered a false sense of security, leading many to trust unsafe transactions. That is exactly what the criminals are counting on. If eBay does not cooperate now and implement safeguards, the company might find itself facing more and more lawsuits.

Once an ATO has been uncovered, the volunteer completes eBay's web form for reporting a site violation. With the resources available to this $40 billion corporation, it should only be a matter of one or two hours before the fraudulent listings are taken down, and the account returned to its rightful owner. However, listings often remain on the site long enough for unsuspecting buyers to complete the sale outside of eBay and lose their money. Volunteers have pleaded with eBay, often through their "Live Help" online function, to take the listings down before users get duped and lose money that is almost never fully recoverable.

One area of high fraud includes consumer electronics. Topping that category are listings for Nokia N95 cell phones, which are not scheduled for release until March, 2007. Shopping for Sony PlayStation 3, Alienware laptop computers, or GPS devices is like walking through a minefield and hoping you have made the right step.

So, how does it work? This type of fraud usually begins with a fake email, sent to gather the identification and password of unsuspecting users. This type of email is known as a phish or a spoof email. A person gets an email that looks very much like it originated from eBay or PayPal, with a link for the recipient to click on. It might be a fake "Ask The Seller A Question" email with a link to "Respond". The person clicks on the link and is taken to a site that requires them to sign in. Phishing software at the other end collects the keystrokes entered, and the scam artist now has the sign-in ID and password of the eBay member. There are many variations of this, such as a redirect button within the fraudulent listing itself that takes the user to a bogus sign-in page. In the event you should ever receive a phishing email message, report it to Phishtank.

Armed with this information, the thieves take over that eBay account and put up phony listings. In an attempt to hide the fraudulent nature of their activity, they list the items in the wrong category. For example, Sony PS3 might be listed in the Health and Beauty category. Just as one would not look for toothpaste in the supermarket's deli department, one would not expect to find a Sony PS3 in eBay's Health and Beauty category.

Another telltale sign of fraud is an extremely low initial bid -- for example the Alienware listings that begin at $.99. A Buy It Now is mentioned in the listing; however, eBay's official "Buy It Now" button is absent. Instead, the buyer is encouraged to contact the seller outside of eBay at an email address included by the scammer in the listing. After contacting the seller, the buyer is instructed to send the money via Western Union or MoneyGram. The buyer complies, and never receives the item. Money and thief have disappeared!

One sad example of this is of a woman who entered into a transaction with a hijacker in November. The buyer desperately wanted four tickets to a Dallas Cowboys football game and sent $1,100 to the scammer. She saw a listing that aroused her interest, contacted the email address in the listing, received a fake eBay invoice, and soon sent a Western Union wire transfer of $1,100 to a thief in the United Kingdom. Even Western Union tried to warn this buyer, but she was adamant about purchasing these tickets. All the red flags mentioned above, each a warning not to get involved in this transaction, were in the listing. However, greed consumed this naive buyer. The $1,100 loss is unrecoverable, and the buyer learned a very expensive lesson about the necessity of researching her trading partners. Instead of being a fan at the game, this buyer will have to watch it on television.

It isn't just the buyers that need to beware. There are several scams run on sellers as well. One is known as the Nigerian 419 scam. After hijacking a legitimate eBay account, the fraudster bids on a listing for a price so high that others are unable to win the auction. Immediately after the fraudster wins, the seller receives an email from the so-called buyer asking that the item be shipped immediately to Nigeria. The Nigerian scammers even offer to pay an extremely high shipping fee, provided the seller ships the item immediately. Within minutes, the seller receives a fake PayPal email stating that the money has been deposited in the seller's PayPal account and it is now safe to ship the item. However, savvy sellers who check their accounts will see that no money has been deposited. The unlucky ones ship the item.

Another twist on this scam is the one in which a scam artist offers to send a money order in excess of the winning bid amount. The buyer gives an excuse as to why the money order is over the amount due and requests the seller to refund the excess cash through unsafe methods, particularly Western Union, a favorite among scam artists. Upon receiving the money order, the seller ships the item along with the refund. The money order is counterfeit and the seller loses both the item and the refunded amount.

With so many schemes proliferating on eBay, what is a buyer or seller to do? The key as a bidder or seller is to arm yourself with information. There are dozens of sources of information on and off eBay. Start with eBay guides. They provide tips for protecting yourself. Also, check out eBay's Trust & Safety Discussion Board and the many other community boards that are related to specific categories.

Here is a checklist of things every buyer and seller should be aware of:

1. Thoroughly read the feedback of the seller, not just the aggregate number or the percentage. To weed through and read all of a member's neutral and negative feedback, use the tools on Toolhaus or Goofbay. Look at not only what the seller received, but also what the seller left for others. This gives you an insight as to the personality of the seller.

2. Some say if the seller's percentage is less than body temperature, beware!

3. Look at what the seller has sold in the past. Was the seller selling inexpensive doilies for years, and then just began selling Dell computers and plasma TVs for a week or a day?

4. Check the auction terms closely. Look for what the seller has to offer. Is there any hidden text, such as "You are bidding on the picture of the TV only"?

5. Use eBay's Ask The Seller A Question feature (ASQ) to find out more about the seller or the product. DO NOT ASSUME ANYTHING!

6. Research the retail value of the item. Is the seller offering it for less than retail?

7. Be realistic. Is this deal too good to be true? If it is, then don't enter into the transaction.

8. Check for penny auctions in the feedback score. This is a quick way for a scam artist to build up to 10 positives and get the star beside the user ID (eBay's "sign of honesty," so to speak).

9. How does the seller want to be paid? Are the payment options satisfactory for you?

10. How fast does the seller require payment? It is unreasonable for a seller to require payment within 24-48 hours. Scam artists want their money fast so buyers won't have time to discover their mistake.

11. Beware of the seller that requires you to contact them outside of eBay. One frequent scam is to say that the seller cannot get into his My eBay messages. Scam artists use every excuse in the book for not wanting a buyer to use eBay's ASQ. All ASQ messages are sent to each member's My eBay mailbox, along with a copy going to the registered email address of the member. If an ASQ message is sent to a member, the true member will be alerted that his account has been hijacked. NEVER send messages to members via any means other than ASQ. ALWAYS check to make sure that any messages sent to your email address are also in your My eBay messages mailbox. NEVER COMPLETE A SALE OUTSIDE OF eBAY!!

12. Beware if the listing has a lot of common words misspelled. How is their grammar? Poor grammar is a clue that the seller might be a scam artist operating from another country. The Internet knows no boundaries. Someone from Hong Kong, Greece, or Romania can steal your money just as easily as someone from the USA.

13. Look at the photos in the auction. Does the photo have another user's watermark on it? Does the listing have stock photos?

14. It takes time to be safe. If you are in a hurry, do not buy that day!! Make sure you research your item thoroughly before committing to bid.

15. What category is the item in? Most experienced sellers will have the doilies in the Collectibles category. If you see a laptop computer in the Health and Beauty category, beware! Don't even consider entering into a transaction when the item does not match the category.

16. Compare the item to other sellers that are listing the same or similar item. How close are the values for like items? Laptop computer from a retail store - $1,500. Laptop from a (10) feedback seller with questionable history - $600.00. DO NOT BID.

17. If an item is something you are familiar with, make sure to ask the right questions. If you are not familiar with it, get a second and third opinion.

18. Do not get greedy! Do not rush! Pay attention when warned what to look out for.

19. If an auction looks like a scam, report it.

20. Keep all ad-aware, spyware and anti-virus protection programs up to date. Scan regularly!!

21. Do not be foolish!! If it is too good to be true...IT IS!! It is far better to lose out on a "good deal", than to lose all of your money.

22. Change your passwords regularly. Use a combination of upper case and lower case letters along with numbers. Make your password more than 6 characters long. Never use the same password for more than one account. If you have the same password for your email, eBay account and PayPal account, a hijacker only needs that information once to hack all three accounts.

23. Never click on links within emails, especially if they look like they are coming from eBay or PayPal. Thieves use the phishing emails to obtain your information. When a message appears to come from eBay or PayPal, go to your eBay or PayPal account and look in the My Messages section. Only there are you safe to click on a link.

24. If a listing contains a button or link that takes you to a sign-in page, DON'T CLICK ON IT! This is known as a redirect. It takes you to the crook's fake login page where your sign-in information is captured.

25. Always Google the email address in a listing and see what comes up. Check The Nekkid Truth Blog and see if the email address is listed. The list is updated daily. Report any suspect email addresses and fake domains not listed to the blog.

26. Make sure the country the seller is registered in matches the country the item will be shipped from. For example, if the seller is registered in the USA and the item is located in Greece, beware!

27. Does the currency accepted match the currency of the seller's registered country? Do they accept Euros but have an account registered in the USA? Don't bid on this item!
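Several items on this checklist (11, 15, 16, 24, 26 and 27) can be checked mechanically. The sketch below is an added example, not code from Team Whack a Hack or eBay: the listing field names, the lookup tables, the half-of-retail threshold and both sample listings are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed lookup tables for the example; a real check would need fuller data.
EXPECTED_CATEGORY = {"ps3": "Video Games", "laptop": "Computers"}
COUNTRY_CURRENCY = {"US": "USD", "GB": "GBP", "GR": "EUR"}
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
WIRE_RE = re.compile(r"western\s*union|money\s*gram", re.I)

def is_ebay_host(host):
    """True only for ebay.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == "ebay.com" or host.endswith(".ebay.com")

def red_flags(listing, retail_price):
    """Return the checklist red flags that a listing dict trips."""
    flags = []
    text = listing["title"] + " " + listing["description"]
    for keyword, category in EXPECTED_CATEGORY.items():
        if keyword in text.lower() and listing["category"] != category:
            flags.append("category-mismatch")        # item 15
            break
    # Assumed threshold: asking price under half the researched retail price.
    if listing["price"] < 0.5 * retail_price:
        flags.append("far-below-retail")             # item 16
    if EMAIL_RE.search(text):
        flags.append("off-site-contact")             # item 11
    if WIRE_RE.search(text):
        flags.append("wire-transfer-payment")
    if any(not is_ebay_host(urlparse(u).hostname) for u in URL_RE.findall(text)):
        flags.append("off-site-link")                # item 24
    if listing["registered_country"] != listing["item_location"]:
        flags.append("country-mismatch")             # item 26
    if COUNTRY_CURRENCY.get(listing["registered_country"]) != listing["currency"]:
        flags.append("currency-mismatch")            # item 27
    return flags

# Constructed sample listings (not real eBay data).
HIJACKED = {"title": "Sony PS3 60GB new", "category": "Health & Beauty",
    "description": "Buy It Now: email fastdeal@mail.example first. Western Union "
                   "only. Sign in at http://ebay.com.signin.example.net/login",
    "price": 0.99, "currency": "EUR",
    "registered_country": "US", "item_location": "GR"}
NORMAL = {"title": "Sony PS3 60GB", "category": "Video Games",
    "description": "Used console, see http://pages.ebay.com/help/ for policies.",
    "price": 520.0, "currency": "USD",
    "registered_country": "US", "item_location": "US"}

if __name__ == "__main__":
    print(red_flags(HIJACKED, 599.0))
    print(red_flags(NORMAL, 599.0))
```

The host check matters most: a link such as `ebay.com.signin.example.net` starts with "ebay.com" but belongs to a different domain, so the comparison is made on the end of the hostname, not on a substring.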

Team Whack a Hack has a few suggestions for eBay. First, inactivate any member's account that has been dormant for more than 30 days. If the member is not buying or selling on a regular basis, they probably are not checking their account for bogus listings. They most likely have no clue that their account has been taken over. What a shock it is when this member receives a bill from eBay for hundreds of dollars in listing fees for listings the thieves used to steal from other members. When members decide to become active again, they could simply go to a special web form to activate their accounts.

Second, eBay should have more safeguards in place to detect and terminate accounts set up for the sole purpose of defrauding the public. If volunteers can detect these accounts from the comfort of their homes, why then can't eBay, a company that possesses far more resources than the volunteers do?

With all of the redirects, keyloggers, and viruses hidden in the listings created by the hijackers, surfing on eBay is about as safe as having unprotected sex with a stranger. And, what is worse is that as eBay hides behind its venue status, it is doing little or nothing to solve these problems and protect its members.

Team Whack a Hack strongly encourages any person that has lost money due to fraud on eBay to contact their local government representatives and demand they take action to hold eBay accountable for the rampant fraud on their site.

One final note: Putting a hijacker's email address on The Nekkid Truth Blog is for Eternity. Team Whack a Hack reporting hijacked accounts, protecting bidders and shutting down hijackers ... Relentless!!!

For further information please send email to
