|Fri Feb 23 2007 08:28:53|
eBay Security Concerns Pose Communications Challenge
By: Ina Steiner
Things seemed to converge this week on the security front, with three separate incidents worrying eBay users.
An alleged fraudster using the name Vladuz accessed a handful of eBay customer service reps' email accounts and taunted eBay on discussion boards.
An eBay vendor left customer information on publicly accessible pages on its site.
And reports of a large amount of eBay account hijackings made it into the press (the Mirror) and have been circulating among eBayers.
People usually speculate that eBay has been hacked when they see account takeovers - also known as hijackings, particularly on a large scale like the one referenced in the Mirror article above. But as long as fraudsters use social engineering techniques to trick people into revealing their passwords, there isn't a need for them to hack into eBay's databases.
Now, fraudsters are committing phishing on larger scale through "pharming" attacks. Pharming occurs when people are redirected to scam site set up to harvest passwords or install malware on the victims' computers such as key-loggers. And in fact, InfoWorld reports that a large-scale pharming attack occurred last week and targeted 65 financial targets, including eBay and PayPal.
What's perhaps most frustrating to users is the feeling that eBay keeps them in the dark about incidents, leading to feeling of distrust and cynicism. eBay executives are probably just as frustrated, feeling they know how best to protect users and wanting to limit information available to fraudsters.
Communication is key in any relationship. eBay now has a place where they can speak to users directly - quickly and without the public-relations spin that is the norm for corporations. The eBay Chatter blog could be a supplement to eBay's Town Hall meetings where eBay executives speak one-on-one with users. This week, eBay used the Chatter blog to clear up some misperceptions about a Wall Street analyst report to great effect.
These days, users can react immediately to events, such as last night's reappearance of Vladuz on eBay Germany's discussion boards. They can use forums, blogs, and even videos on YouTube to "self publish." This opens up a new challenge to the public relations industry in every field. It will be interesting to see how corporations, including eBay, meet this challenge in a new Web 2.0 world.