fraudulent ebay listings, how easy is it?

[tom clark]

Hi all, I was curious. I cruise ebay all the time looking at aviation stuff. I got to looking at the garmin 396 auctions and noticed some listings that were very obviously fraudulent. Somebody highjacks an account, thus stealing their great reputation, and does a quicky auction on a garmin 396 and pockets whatever they get for it. If you look at the sellers other auctions, the theif has put up dozens of other bogus auctions, thus multiplying their odds of hitting it big. Even better, they tell you "dont bid", shoot me an email and they get you to western union them $500 for a unit that's never gonna showup! And with WU, theres no recourse.

Anyway, we all know the scams and i am getting off topic. Since I started reporting these things about a month ago, I notice there are typically 6-10 up there everyday. As fast as they're removed another bogus auction pops up there. I am curious, just how easy is it to steal an identity on ebay? Little doubt I am seeing a miniscule portion of all the fraud on ebay but I am truly impressed with the seemingly endless supply of stolen accounts these theives seem to have access to. Anybody have a little insight into this? thanks! tc

 

[wbarnhill]

Hi all, I was curious. I cruise ebay all the time looking at aviation stuff. I got to looking at the garmin 396 auctions and noticed some listings that were very obviously fraudulent. Somebody highjacks an account, thus stealing their great reputation, and does a quicky auction on a garmin 396 and pockets whatever they get for it. If you look at the sellers other auctions, the theif has put up dozens of other bogus auctions, thus multiplying their odds of hitting it big. Even better, they tell you "dont bid", shoot me an email and they get you to western union them $500 for a unit that's never gonna showup! And with WU, theres no recourse.

Anyway, we all know the scams and i am getting off topic. Since I started reporting these things about a month ago, I notice there are typically 6-10 up there everyday. As fast as they're removed another bogus auction pops up there. I am curious, just how easy is it to steal an identity on ebay? Little doubt I am seeing a miniscule portion of all the fraud on ebay but I am truly impressed with the seemingly endless supply of stolen accounts these theives seem to have access to. Anybody have a little insight into this? thanks! tc

Social engineering (Dear Sir/Madam: My name is Joe Bartholomew from eBay's Security and Fraud Task Force. We need your password... blah blah blah)
Virus/Trojan that will keylog passwords

Or they'll just go the "simple route"

They create fake accounts and bid on their own auctions to boost their feedback score. Then they go and put up the fraudulent listings. If one person bites, they feel it's worth it. Then they leave that account after a month (when eBay wants the fees for the listings) and start all over.

I've mentioned a few to eBay and the accounts were deleted within an hour. Just make sure that the person is truly a scammer.

 

[Greebo]

Well, I'm speculating here, but I'd say that the most likely way these scammers manage to steal accounts is by engaging in broad sweeping phishing schemes.

I get countless emails from frauds presenting themselves as banks, ebay, paypal, and other various and sundry and they always say things like, You need to update your account, or we recorded an unauthorized access, or we've added a new email to your account at your request, and they always contain a link in them that takes you somewhere that LOOKS like the real site.

So someone with a good ebay account, if they fall victim to one of these phishing expiditions, goes to the bogus site and "signs in" and, if the scammer sets it up right, the victim never knows they've just transmitted their username and password THROUGH the scammers system and into their database. All the scammer needs is a webserver that sits between ebay/paypal/whatever and the victim. NOt all that hard really if you have the coding skills.

And then, a bit later, the scammer who's dutifully captured the username and password, logs into ebay, and changes the person's email and password. Boom, stolen account.

There are other methods, as well - but the phishing scam is cheap for the scammer, broad reaching (can send out billions of emails for next to nothing) and, clearly, works all too often.

 

[tom clark]

phishing was my first thought. but geez, you're a power seller with 11,000 positive feedbacks and you fall for that? i guess i was looking for something more devious. but maybe it is that simple. i still think theres stuff that goes on out there behind the scenes. i signed up for a chase/sw airlines credit card. it was not 24hrs from the time i got it that the phishing started. thats more than coincidence in my book! tc

 

[Greebo]

I was in Annapolis last year and wandered into a memoribilia shop, and the shop keep there had a computer set up that was set to Ebay and he was constantly refreshing the screen.

And when I saw that, it hit me that it would be a safe bet that a lot of these power sellers are small shops like that.

And small shops are notoriously bad about computer security. If they have a 'shop based email', for example, its likely that not just the owner, but one or two clerks probably are all responsible for checking that email regularly, along with updating the ebay listings, posting new ones, and so forth.

From that starting block, its easy to picture how this can happen so often.

The internet is still populated by a majority of people who don't have the slightest idea how it works, after all.

 

[alaskaflyer]

Hi all, I was curious. I cruise ebay all the time looking at aviation stuff. I got to looking at the garmin 396 auctions and noticed some listings that were very obviously fraudulent. Somebody highjacks an account, thus stealing their great reputation, and does a quicky auction on a garmin 396 and pockets whatever they get for it. If you look at the sellers other auctions, the theif has put up dozens of other bogus auctions, thus multiplying their odds of hitting it big. Even better, they tell you "dont bid", shoot me an email and they get you to western union them $500 for a unit that's never gonna showup! And with WU, theres no recourse.

Anyway, we all know the scams and i am getting off topic. Since I started reporting these things about a month ago, I notice there are typically 6-10 up there everyday. As fast as they're removed another bogus auction pops up there. I am curious, just how easy is it to steal an identity on ebay? Little doubt I am seeing a miniscule portion of all the fraud on ebay but I am truly impressed with the seemingly endless supply of stolen accounts these theives seem to have access to. Anybody have a little insight into this? thanks! tc

Ah, the $300 Garmin 296. No such thing as a free lunch, not even on Ebay.

 

[wsuffa]

Approach EBay like you'd approach the Khan el-Khalili....

There are quite a fair number of legitimate sellers, but a huge number of fraudsters. It ranges from the obvious scams like you saw to pirate software, counterfeit jewelry, and folks that just don't pay - or don't ship the goods.

Probably 10-15% of the transactions I've done on Ebay have involved some sort of problem - ranging from fradulent/pirate software (represented as original with a picture of similar goods showing the authentic marks) to goods that were misrepresented (parts missing) to defective goods. As a total dollar value, these have made up less than 3-5% of the amount I've bought on eBay, and in most cases, I've gotten my money back. These days, I rarely buy anything from eBay - too much chance of ripoff, and Paypal (an eBay company) has miserable policies for resolving problems. Better to not even chance it.

 

[wbarnhill]

Personally I haven't had any problems with eBay and PayPal. Watch for warning signs for fraudulent sellers or buyers and your time there will be fine.

As for how the internet works... isn't it packet pushing pixies?

 

[robsingles]

Just to comment on eBAY I have been involved with probally over 500 transactions, and I less than 1 percent of them have been negitive. Infact I have had the post office loose or someone there stole 3 packages that were all sent out on the same day and none of them showed up to the recipients. So the postoffice has caused more problems than ebay.
Ebayer be ware.

 

[AirBaker]

Just to comment on eBAY I have been involved with probally over 500 transactions, and I less than 1 percent of them have been negitive. Infact I have had the post office loose or someone there stole 3 packages that were all sent out on the same day and none of them showed up to the recipients. So the postoffice has caused more problems than ebay.
Ebayer be ware.

Post office... Post office? FedEx Ground baby!