more on more on eBay faces up to online fraud The online auctioneer eBay has admitted an "extreme growth" in the number of personal accounts being hijacked by fraudsters.

[David Farber <dave () farber net>]

Begin forwarded message:

From: Jason Weisberger <jweisberger () mac com>
Date: December 16, 2005 7:37:04 PM EST
To: dave () farber net
Cc: ip () v2 listbox com
Subject: Re: [IP] more on eBay faces up to online fraud The online  
auctioneer eBay has admitted an "extreme growth" in the number of  
personal accounts being hijacked by fraudsters.

Ebay simply doesn't use email to contact its customers without being  
offered a proactive impetus. You will never get an email from PayPal  
or Ebay asking you to click a link and enter your password. The most  
you'll see email from them, in that area, is in response to you  
hitting the website and reporting a password lost. They email you a  
link to go to an enter a code they supply to confirm your identity.  
Then you change your password. They also send me enough email to know  
that spoof () ebay com and spoof () paypal com is where to forward any  
weird looking email. They respond very quickly and let you know if it  
is an establish phishing attempt that they have seen already or if  
its new, thank you for forwarding it in AND then reiterate that you  
should never trust an unsolicited email asking for your password.

Ebay uses an internal messaging system inside of your my.ebay page  
for passing messages back and forth between users and some Ebay  
contacts. They simply try not to use email for things that would in  
turn open a door and allow the spoofs to mistaken for legitimate.

I'm also a little confused as the context or accuracy of the quotes  
in the BBC article, or the actual role of the gentleman interviewed.   
I know someone who is tied into the Fraud Investigations and Law  
Enforcement Relations global management infrastructure at Ebay and  
everything I've heard leads me to believe the opposite of what I read  
in the article. Ebay seems to invest a lot in investigating and  
preventing any sort of criminal activity, across all of its various  
business units, and works very closely with law enforcement in every  
country they have a presence in.

On Dec 16, 2005, at 3:28 PM, David Farber wrote:

> Begin forwarded message:
>
> From: Bob Frankston <Bob2-19-0501 () bobf frankston com>
> Date: December 16, 2005 3:21:42 PM EST
> To: dave () farber net, ip () v2 listbox com
> Subject: RE: [IP] eBay faces up to online fraud The online  
> auctioneer eBay has admitted an "extreme growth" in the number of  
> personal accounts being hijacked by fraudsters.
>
> Given the amount of phishing I’m surprised there are any uncompromised
> accounts.
>
> I'd be interested in knowing more about what eBay and others are  
> doing to
> try to get ahead of the problem.
>
> Yes, I’m a bit obsessed about phishing because it compromises basic  
> social
> mechanisms and gets past the normal social controls on such  
> activity. The
> Internet has introduced kind of relationships that defy our familiar
> models.
>
> I don't expect a simple answer but I'm still puzzled by the lack of  
> visible
> law enforcement activity -- are there examples of prosecution for such
> crimes other than the individual sellers who get caught. I presume  
> they are
> the small disposable players.
>
> -----Original Message-----
> From: David Farber [mailto:dave () farber net]
> Sent: Friday, December 16, 2005 15:13
> To: ip () v2 listbox com
> Subject: [IP] eBay faces up to online fraud The online auctioneer  
> eBay has
> admitted an "extreme growth" in the number of personal accounts being
> hijacked by fraudsters.
>
> http://news.bbc.co.uk/1/hi/business/4533154.stm
>
> eBay faces up to online fraud
> The online auctioneer eBay has admitted an "extreme growth" in the
> number of personal accounts being hijacked by fraudsters.
>
> Criminals are obtaining the secret passwords of eBay subscribers and
> using their sites to conduct bogus auctions for non-existent goods.
> In a growing number of cases, would-be buyers on the UK's most used
> website are paying thousands of pounds to apparently reputable
> sellers after winning auctions on the site - only to find out they
> had been dealing with criminals.
> In an interview with Radio 5 Live, eBay would not reveal exactly how
> many accounts had been hijacked, although a company spokesman refused
> to deny that possibly tens of thousands had been compromised.
> "Last year there was extreme growth," said Gareth Griffiths, head of
> trust and safety for eBay. "Certainly last year it was a high-growth
> area for us, it's a painful issue."
> In one recent case, up to ten people are thought to have paid a total
> of £15,000 for non-existent hot tubs, while another would-be buyer
> thought he had purchased a £4,000 camper van - which turned out not
> to exist.
> Grab and go
>
> In both cases eBay accounts had been hijacked to sell off the non-
> existent goods.
>
>
>
>
> It gets to the point where that is obstructive to our inquiry
> Ruth Taylor, North Yorkshire Trading Standards
> The hijacking of sellers' accounts is a particularly sensitive issue
> for the auction site, which relies to a large degree on the level of
> trust between the buyer and seller of goods for its success. There
> are more than three million items for sale on the site at any one  
> time.
>
> eBay blames its account holders for not installing proper security on
> their home computers and for replying to so-called "phishing" emails.
>
> These are fake emails made to look like official eBay messages and
> which demand the secret passwords to users accounts.
>
> Viruses are also said to be infecting home computers by installing
> themselves inside hard drives, where they monitor the keystrokes of
> eBay users, make a record of passwords before sending them onto the
> fraudsters.
>
> 'Nothing to do with us'
>
> Describing the problem as an "off eBay" issue, Mr Griffiths said the
> problem was "nothing to do with us".
>
> In several cases examined by the BBC the eBay users who had their
> accounts hijacked claimed to be computer literate and vehemently
> denied that they had replied to phishing emails.
>
>
>
> "There is no way I would have done that," said Dr Oliver Sutcliffe a
> biochemist from Nottingham. His site was hijacked over the space of
> one weekend to sell thousands of pounds worth of electrical goods.
>
> EBay is also under fire from law enforcement officials and
> manufacturers over levels of crime on the site and the levels of
> cooperation they receive.
>
> Trading standards officers who regularly investigate crimes
> perpetrated on the site have accused eBay of being "obstructive" in
> the way it shares information. North Yorkshire Trading Standards says
> eBay can take up to two months to provide the names and addresses of
> suspects it is pursuing.
>
> "If it takes up to two months, then it is eating in to a lot of time
> that we have to make prosecutions," said Ruth Taylor, who heads the
> authority's special investigations unit. "It gets to the point where
> that is obstructive to our inquiry."
>
> Faking it
>
> Concerns have also been raised about the large amount of counterfeit
> goods on sale on eBay.
>
> Adidas told the BBC that it monitored up to 12,000 auctions involving
> its goods every day on the British site - yet it estimated that up to
> 40% of all Adidas products available were counterfeit.
>
>
>
> eBay says it has a special relationship with brand owners, who can
> notify the site of auctions involving counterfeit goods which will
> then be taken down within hours.
>
> However, the Ben Sherman clothing brand says it recently took eBay
> five days to take down an auction of counterfeit clothing - by which
> time much of it had been sold.
>
> "I think one must say that it's highly unsatisfactory," said Barry
> Ditchfield, Ben Sherman's brand protection manager.
>
> "With all the amount of profits that eBay makes, then there is ample
> scope for additional staff. Frankly, it is totally unsatisfactory,
> not just for Ben Sherman but for all brand holders.
>
> EBay have rejected the accusations, saying that the company has a
> good relationship with law enforcement officials.
>
> "The satisfaction level is generally very high," said Gareth  
> Griffiths.
>
>
>
> Five Live Report: Policing eBay can be heard on Radio Five Live at
> 1930BST on Sunday 18 December or afterwards at the Five Live Report
> website.
>
> Story from BBC NEWS:
> http://news.bbc.co.uk/go/pr/fr/-/1/hi/business/4533154.stm
>
> Published: 2005/12/15 23:56:44 GMT
>
> © BBC MMV
>
> -------------------------------------
> You are subscribed as BobIP () Bobf Frankston com
> To manage your subscription, go to
>   http://v2.listbox.com/member/?listname=ip
>
> Archives at: http://www.interesting-people.org/archives/interesting- 
> people/
>
>
>
>
>
> -------------------------------------
> You are subscribed as jweisberger () mac com
> To manage your subscription, go to
>  http://v2.listbox.com/member/?listname=ip
>
> Archives at: http://www.interesting-people.org/archives/interesting- 
> people/



-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/