AuctionBytes Blog
Covering auctions, collectibles and marketplace selling.

AuctionBytes Blog The AuctionBytes Blog has been giving a voice to online merchants since its launch in 2005. Named one of the world's top 30 blogs in 2008 by "Blogging Heroes." Weigh in with your thoughts on the joys and pitfalls of selling online.
Fri Feb 23 2007 08:28:53

eBay Security Concerns Pose Communications Challenge

By: Ina Steiner

Sponsored Link

Things seemed to converge this week on the security front, with three separate incidents worrying eBay users.

An alleged fraudster using the name Vladuz accessed a handful of eBay customer service reps' email accounts and taunted eBay on discussion boards.

An eBay vendor left customer information on publicly accessible pages on its site.

And reports of a large amount of eBay account hijackings made it into the press (the Mirror) and have been circulating among eBayers.

People usually speculate that eBay has been hacked when they see account takeovers - also known as hijackings, particularly on a large scale like the one referenced in the Mirror article above. But as long as fraudsters use social engineering techniques to trick people into revealing their passwords, there isn't a need for them to hack into eBay's databases.

Now, fraudsters are committing phishing on larger scale through "pharming" attacks. Pharming occurs when people are redirected to scam site set up to harvest passwords or install malware on the victims' computers such as key-loggers. And in fact, InfoWorld reports that a large-scale pharming attack occurred last week and targeted 65 financial targets, including eBay and PayPal.

What's perhaps most frustrating to users is the feeling that eBay keeps them in the dark about incidents, leading to feeling of distrust and cynicism. eBay executives are probably just as frustrated, feeling they know how best to protect users and wanting to limit information available to fraudsters.

Communication is key in any relationship. eBay now has a place where they can speak to users directly - quickly and without the public-relations spin that is the norm for corporations. The eBay Chatter blog could be a supplement to eBay's Town Hall meetings where eBay executives speak one-on-one with users. This week, eBay used the Chatter blog to clear up some misperceptions about a Wall Street analyst report to great effect.

These days, users can react immediately to events, such as last night's reappearance of Vladuz on eBay Germany's discussion boards. They can use forums, blogs, and even videos on YouTube to "self publish." This opens up a new challenge to the public relations industry in every field. It will be interesting to see how corporations, including eBay, meet this challenge in a new Web 2.0 world.




Comments (9) | Permalink

Readers Comments

eBay Security Concerns Pose Communications Challenge   eBay Security Concerns Pose Communications Challenge

by: Helen

Fri Feb 23 12:23:38 2007

Ina,

You seem to have missed the fact that Vladuz actually 'signed' hundreds, if not thousands, of the recent account hijackings. He laso posted as a 'pink' on the eBay.com Trust & Safety discussion board last night, not just the german board as you've reported.

It's proving a very fine line between eBay starving the hacker of oxygen and undermining a lot of user confidence by apparently having to correct incomplete or inaccurate previous statements each time the hacker surfaces.

Anyone feel 100% confident using eBay at the moment? I don't.

eBay Security Concerns Pose Communications Challenge   eBay Security Concerns Pose Communications Challenge

by: anon

Fri Feb 23 12:44:56 2007

I don't think that the intention of 'Vladuz' is to defraud people. It would seem that he wants to expose the major flaws in Ebay's security. And it would seem to be working! Still, those stupid pinks should know better than to give their passwords out to phishers. ;)

I'm not condoning Vladuz's actions, but it is kind of satisfying to see Ebay's PR team exposed as the bunch of smoke blowers they are. How many more lies have they told?

eBay Security Concerns Pose Communications Challenge   eBay Security Concerns Pose Communications Challenge

by: FireMeg

Fri Feb 23 12:46:13 2007

eBay is just playing a betting game - one that they are pretty adept at.  eBay is betting that they can keep these three stories out of the mainstream media.  Their efforts to do so are usually very effective.  This time however, it seems that their efforts are actually creating a much worse situation.  The thread on the T&S board is getting posts pulled repeatedly, and users are turning to other forums of discussion (auctionbytes, pheebay,ebaymotorssucks, PSU) and other forms of expression (You Tube etc.).

It may be creating a PR nightmare as you suggest, and I believe it probably is.  However, eBay could stay ahead of the mess by being open and honest with users.  What is worse for a user, having someone tell you to be careful of scams and being a bit paranoid, or having your account hijacked without your knowledge and having to deal with the related mess?

I've seen many posts to the eBay boards in the past few days that were later pulled.  Many of these posts did not appear to break any eBay policies or rules whatsoever, were on topic and would have been very helpful to possible readers.

eBay Security Concerns Pose Communications Challenge   eBay Security Concerns Pose Communications Challenge

by: dimes

Fri Feb 23 21:01:13 2007

The more posts eBay pulls, the more the posters will seek out alternative sites on which to comment.

The more sites on which people comment, the more viral the story becomes.

Props to Ina and to firemeg for creating two of those alternate sites.

eBay Security Concerns Pose Communications Challenge   eBay Security Concerns Pose Communications Challenge

by: vdovault

Sat Feb 24 10:00:23 2007

The link I posted above speaks for itself...ebaY has officially jumped the shark in terms of its societal relevance and viability as a business model.

eBay Security Concerns Pose Communications Challenge   eBay Security Concerns Pose Communications Challenge

by: Randy Smythe

Sat Feb 24 17:34:16 2007

eBay is pretty good at this PR game but my guess is this Vladuz character has got them spinning. I wonder if he's a disgruntled seller.

eBay Security Concerns Pose Communications Challenge   eBay Security Concerns Pose Communications Challenge

by: Feedback Secrets

Sun Feb 25 14:47:36 2007

eBay should focus their time and energy on upgrading their security instead of banning unsuspecting users with their account suspension policy.  As an eBay user, I'm not comfortable with using eBay at this moment.  

eBay Security Concerns Pose Communications Challenge   eBay Security Concerns Pose Communications Challenge

by: Feedback Secrets

Sun Feb 25 14:48:14 2007

eBay should focus their time and energy on upgrading their security instead of banning unsuspecting users with their account suspension policy.  As an eBay user, I'm not comfortable with using eBay at this moment.  

eBay Security Concerns Pose Communications Challenge   eBay Security Concerns Pose Communications Challenge

by: E-Bay Scam Victim

Tue Feb 27 07:40:06 2007

Having been one of the unfortunate victims of scamming on E-Bay, I will never use them again. Although their customer service representative was superb, I now have absolutely no confidence in their service whatsoever. I never access sites from emails, and was not a victim of phishing, my account was quite simply hacked in to!



Login is required to post comments.
To sign in to leave a comment using your AB Verify User Name, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page
.

Login for AB Verify
Be sure and use your email address and password to log in.

 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.