eBay plays an unwitting role in triangulation fraud, according to security expert and blogger Brian Krebs, who warns that sellers should be wary of shoppers who ask to send their orders to a different address from their billing address. This time of year, though, it’s hard to resist the temptation as holiday shoppers wish to send gifts to family and friends far afield.
Krebs said a Top 500 online merchant reached out to him about the problem. Here’s how he describes the scam:
“The scheme works like this: An auction fraudster sets up one (or multiple) eBay accounts and sells legitimate products. A customer buys the item from the seller (fraudster) on eBay and the money gets deposited in the fraudster’s PayPal account.
“The fraudster then takes the eBay order information to another online retailer which sells the same item, buys the item using stolen credit card data, and has the item shipped to the address of the eBay customer that is expecting the item. The fraudster then walks away with the money.
“One reason this scheme is so sneaky is that the eBay customers are happy because they got their product, so they never complain or question the company that sent them the product. For the retailer, the order looks normal,..”
Krebs said eBay responded to his inquiry with a statement and told him that the use of stolen or fraudulent credit card numbers to purchase goods on eBay is by no means unique to eBay, and it pointed him to an eBay Enterprise blog post about triangulation fraud.
On its blog post, eBay explains that the seller may not actually realize he or she is engaging in fraud – they may be engaged in a “work at home” job, it explains. “Postings for seller positions are easily found on the web, and typically advertise the seller keeps a significant percentage of the sale – typically 30%.”
Krebs said the victimized retailer who reached out to him said he believes fraudsters targeted his company because it is relatively small and less likely to rely on sophisticated fraud tools. You can read more about what measures the retailer put in place in the KrebsonSecurity blog post.
Comment on the AuctionBytes Blog.