AuctionBytes Blog
Covering auctions, collectibles and marketplace selling.

AuctionBytes Blog The AuctionBytes Blog has been giving a voice to online merchants since its launch in 2005. Named one of the world's top 30 blogs in 2008 by "Blogging Heroes." Weigh in with your thoughts on the joys and pitfalls of selling online.
Sun Mar 18 2007 23:18:05

Urgent Warning to eBay Sellers about New Fraud

By: Ina Steiner

Sponsored Link

I wrote on Friday about scammers using eBay's "Ask Seller a Question" feature to help them harvest email addresses in order to perpetrate fraud. The "Ask Seller a Question" feature is designed to allow potential buyers to ask sellers questions without either party having access to the other's email address, but is now being exploited.

I'm hearing from users that the scammers are stepping up their attacks in an extremely devious way. The technique involves asking the seller a question about an "identical item" they saw listed on eBay, and includes a link to the supposed listing. Unwary sellers who go to view the item by clicking or pasting in the link are taken to a spoof site, where they are asked to sign in again (it is not unusual to have to log-in to eBay for different tasks). They then may unwittingly enter their eBay User name and password into the spoof site, which is designed to harvest the information for fraudulent activities such as account hijackings.

Not only is the seller vulnerable, but for auctions where Questions and Answers are displayed on the original auction description page, potential buyers may fall for the scam.



This is an urgent matter - make sure you understand the scam and avoid falling for it.




Comments (22) | Permalink

Readers Comments

Urgent Warning to eBay Sellers about New Fraud   Urgent Warning to eBay Sellers about New Fraud

by: Greg Sury

Mon Mar 19 01:51:23 2007

this is exactly what happened to me, unfortunately I wasn't paying attention and clicked too fast - Change your password on Ebay and you will be OK

Urgent Warning to eBay Sellers about New Fraud   Urgent Warning to eBay Sellers about New Fraud

by: Greg Sury

Mon Mar 19 01:52:27 2007

.

Urgent Warning to eBay Sellers about New Fraud   Urgent Warning to eBay Sellers about New Fraud

by: Jim

Mon Mar 19 06:23:41 2007

Why have Ebay not taken greater steps to warn customers of this and other security hazards? Removing 'Marketplace Safety Tips' is not exactly a wise move either.

Can it now be assumed that EBay have now passed on the duty of informing customers of security problems onto Auctionbytes and Symantec?

Urgent Warning to eBay Sellers about New Fraud   Urgent Warning to eBay Sellers about New Fraud

by: Beyond the Treeline

Mon Mar 19 07:27:17 2007

Devious ... perhaps ... but only if the seller is caught with their eyes down (so to speak).

Because eBay does not allow HTML within on-system correspondence, it is // not //possible to *click* onto such a link.

That would leave cutting and pasting, at which point, most users would be able to tell that the URL they're cutting and pasting is a string of garbage not associated with the site.

There are, of course, exceptions (such as those not paying attention, or URLs that are close, but no cigar ...)

Legitimate messages are mirrored within eBay My Messages. Similarly, users can view an e-mail messages full e-mail headers for spoofed origins as an extra layer of security.

Urgent Warning to eBay Sellers about New Fraud   Urgent Warning to eBay Sellers about New Fraud

by: Ina Steiner

Mon Mar 19 07:35:56 2007

I think the fact that only "legitimate" messages go through eBay's My Messages, it gives sellers a false sense of security. These scam questions are showing up in My Messages. That's what makes it so very tricky. And I think the URL looks pretty convincing.

That's now three people who have fallen for it, think of how many people actually have - so the flip side is to increasingly watch out for hijacked accounts.

Urgent Warning to eBay Sellers about New Fraud   Urgent Warning to eBay Sellers about New Fraud

by: scamthis

Mon Mar 19 08:31:59 2007

This has been going on for 6 months or better. But I'm glad Ina wrote about it.

eBay should be responsible for the content on their website and educate the members about bad situations like this!

Urgent Warning to eBay Sellers about New Fraud   Urgent Warning to eBay Sellers about New Fraud

by: Angelat

Mon Mar 19 09:16:19 2007

NO matter how hard you try, you can't protect people from themselves. eBay should have remained "just a venue."

Urgent Warning to eBay Sellers about New Fraud   Urgent Warning to eBay Sellers about New Fraud

by: firemeg

Mon Mar 19 09:51:40 2007

Yet another instance where eBay has the ability to stop this, but chooses not to do so.  You cannot use html code (even quotation marks) in MyMessages, yet anyone can put any old address in their they like?  How just plain stupid is that?  Or how about all of those people who cannot get a Cookie Jar listed on eBay because it uses the word "cookie?"

On one hand I know that the fraud issue on eBay is immense, and probably very hard to combat...on the other there are simple things that eBay could do (easily in less than one day of coding) that would prevent literally thousands of scams per day.

1) Prevent listings from being uploaded with any mention of "redirect" or like code in the html.
2) Either delete or change the color of the "s" gif so scammers can't use the transparent eBay-hosted image to scam people.
3) Stop the use of "http://" and "www" within MyMessages.  
4) Prevent use of "words" (strings of letters & numerals without spaces) within MyMessages that are over 20 letters in length.
5) Institute a phone bank that would deal with password changes.  This would not eliminate all fraud, but would prevent scammers from changing passwords, thus eBay users could go into their hijacked accounts and change passwords and edit fraudulent content.
6) Have some little bit (any) type of verification before a new seller account can be created...for gods sake.
7) Actually have the security measures and filters IN PLACE that eBay so feverishly talks about when answering questions about why items do not index quickly.

Maybe we'll just have to wait 18 months until a desktop app is released.  

Urgent Warning to eBay Sellers about New Fraud   Urgent Warning to eBay Sellers about New Fraud

by: Beyond the Treeline

Mon Mar 19 15:17:25 2007

No's 3 & 4 -- absolutely impractical.

Expect a further decline in sales referrals if these options came to fruition.

Create too much work for the buyer, and its lights out.

Sellers and sellers alike: Pay attention to what you're clicking on.

Would you cross the street without looking for traffic? Sure, you could, but you may get rolled by 18 speeding tires. Appreciation for safe surfing is everyon's responsibility. The onus does not lie entirely with any given venue.

Urgent Warning to eBay Sellers about New Fraud   Urgent Warning to eBay Sellers about New Fraud

by: weribbit

Mon Mar 19 15:35:48 2007

IT HAPPENED TO ME! 6 hours before auction was to close, I received TWO emails from different ID's, thorough eBay messaging asking if my listing was also the same as another providing me a link to check it out. Because the message came through eBay, I had no concern in being led to the (so I thought) eBay sign-in page asking for me to log-in, so naturally I logged back into eBay (so I thought) & asked both parties to be more specific on what listing of mine was duplicated?

At the same time, I received an email form the highest bidder who thought they won, asking why I closed the auction early ... I told him I had no idea what he was asking about? Immediately went to my listing & found for myself that it had ENDED EARLY.

All within 5 minutes of receiving those initial questioning emails, in front of my own eyes, my auction was SOLD to the highest bidder at $610 which may sound great, but what I was selling was 2 tickets to a Chargers Playoff game 4 days before the game & tickets were going for over $1000! I was floored with panic!

I paced back & forth it seemed for hours, though minutes, troubleshooting in my mind how this happened, who was at fault & what was I to do? I stumbled across an eBay phone number (hard to believe) & was told to go to eBay on-line chat forum where they would handle my problem. I was reassured that my account was secured & they were aware of this man using others legitimate ID's asking questions.

They also told me that they had no access to my original listing allowing me to repost it, therefore, I had to recreate my listing & re-list it for a 3 day auction in hopes it would be able to attract enough potential buyer allowing me to get a true market price.  It took shy of 6 hours & 35 minutes before it appeared!  Not only did I feel violated but anxious to get the listing up & then to top it all off was shocked to find that eBay warns that it’s okay for a listing to take up to 6 hours to appear!

Less than 24 hours before game time, the tickets sold for $835.  Was I pleased? Naturally, because I always keep faith that everything is an opportunity to learn from & everything happens for a reason.  I am appalled that eBay doesn't have a better-secured site, no different than a banks website.

Do I still sell on eBay?  Yes.  Do I still buy on eBay?  Yes.  Do I think it will happen again?  ABSOLUTELY!

Urgent Warning to eBay Sellers about New Fraud   Urgent Warning to eBay Sellers about New Fraud

by: PJ

Mon Mar 19 16:38:31 2007

I track eBay security issues in the news, on forums and Blogs and I do some searches on eBay looking for fraud. It seems the issues have dramatically increased in the last few weeks and many eBay forum postings that detail the issues get pulled and there was even a story on ShortNews that was pulled(interesting). However, during this damaging period of fraud and scam illumination, analysts seem to be coming out of the woodwork with ''Buy'' recommendations. Is this just coincidence? Or is eBay stock artificially propped up despite the reality that their numbers may be grossly inaccurate? hmmmmmm......

Urgent Warning to eBay Sellers about New Fraud   Urgent Warning to eBay Sellers about New Fraud

by: Donna

Mon Mar 19 17:11:36 2007

Download the eBay Toolbar, folks.    When you click a link that takes you to a spoof site, the toolbar automatically warns you that the site you are about to sign into is not an eBay site.  The toolbar is free, and you can find it by searching on  eBay Toolbar  from the Help menu.  

If you don't want to download the toolbar, check your  My Messages  folder to see if the message is there. If it isn't, it's a fake/spoof email, and it should be forwarded to  spoof@ebay.com .  That way, other unsuspecting eBayers won't fall prey to the malicious scammer.  

I advise my students to always ignore mail that comes to their regular email inbox; instead, use it as a reminder to check eBay's  My Messages  folder.  I think eBay is doing all it can to prevent fraud on its site.  Getting the word out what is difficult;  education is available online through help files or visit eBay's Site Map.  
Hope that helps.

Urgent Warning to eBay Sellers about New Fraud   Urgent Warning to eBay Sellers about New Fraud

by: dimes

Mon Mar 19 18:03:28 2007

Many people want nothing to do with the spyware-packed eBay toolbar.

As far as checking for authenticity using ‘My Messages’, that’s precisely where the scammers are sending fake ASQ messages.  

In other words, scammers are sending questions poisoned with false redirect links directly to sellers’ My Messages eBay inboxes.  Should the sellers read the message and login in order to reply, their passwords and ID’s are being stolen by thieves.  

No longer can you trust that something that appears in My Messages is authentic or safe.

Thus, the title of the blog entry – “Urgent Warning!”

Urgent Warning to eBay Sellers about New Fraud   Urgent Warning to eBay Sellers about New Fraud

by: weribbit

Mon Mar 19 18:04:21 2007

The problem that SOME have seemed to miss is that the message providing the naughty link is COMING DIRECTLY FROM WITHIN EBAY MESSAGES!  Via eBay's own fraud guiidelines, they state to ONLY open messages from within eBay's message system, YET THAT IS WHERE & HOW THE SCUMS ARE NOW GETTING THROUGH TO US TO SCAM!  I must disagree that eBay is doing all that it can to prevent fraud ... if they were, they wouldn't have someone accessing accounts from within eBays message system!  I NEVER have experienced this type of fraud, or anything like it, from a reliable on-line banking website!  Have you?

Urgent Warning to eBay Sellers about New Fraud   Urgent Warning to eBay Sellers about New Fraud

by: James

Tue Mar 20 15:31:24 2007

Just turn off HTML format emails in your eBay account preferences. Seeing emails in plaintext prevents the URL on the email being displayed differently from the underlying URL. Virtually all spammer messages are in HTML format, so if you get an HTML email claiming to be via eBay, you can immediately be suspicious of it.

Urgent Warning to eBay Sellers about New Fraud   Urgent Warning to eBay Sellers about New Fraud

by: Justin

Wed Mar 21 12:44:17 2007

I fell for a similar tactic, but someone was responding to a "Want it now" AD I had placed for a very specific hard drive, I was all excited when someone had responded, I realized it within about 30 seconds and was able to change my password before any harm became of me or any of my active auctions.  I preach to others for falling for this crap!!

Urgent Warning to eBay Sellers about New Fraud   Urgent Warning to eBay Sellers about New Fraud

by: Theresa

Wed Mar 21 22:55:47 2007

Why does Ebay make us sign in an out excessively anyway.  Constantly I am signing in - it is ridiculous.  I work eight hours a day on ebay and must sign in 100 times a day.  There is no need for that.  I can work all day with my online banking accounts and I am never asked for multiple sign on's.  This is a flaw in the Ebay security system no one else is responsible but Ebay.  We must be diligent to protect ourselves but we should also demand more protection.

Urgent Warning to eBay Sellers about New Fraud   Urgent Warning to eBay Sellers about New Fraud

by: BS

Thu Mar 22 01:56:19 2007

Ebay has someone on the inside selling information. My password is a 9 digit number and one day I tried to log in one of my ebay id's I haven't used in awhile with high feedback. Could not get in went to id and it was selling a couple of waverunners and other high dollar items. Emailed ebay and took them 2 days to yank items. No virus or keyloggers on my pc. Ebay is more about money and taking care of the big guy now. Wish it was still just a venue. Taking my auctions and customers and moving.

Urgent Warning to eBay Sellers about New Fraud   Urgent Warning to eBay Sellers about New Fraud

by: Bryan

Sun Apr 1 14:52:41 2007

TKO Notices: eBay states that the fees are credited back to the Seller but eBay does not credit the FVF. EBAY PROFITS FROM FRAUD!!! Every Seller I have spoken with has had the same problem. I've resported this to eBay and they keep saying it it a one time system error but this keeps happening over and over. ALWAYS CHECK YOUR INVOICE FOR CREDITS FROM EBAY ON TKO NOTICES!!!

Urgent Warning to eBay Sellers about New Fraud   Urgent Warning to eBay Sellers about New Fraud

by: ann

Wed Jun 20 08:53:28 2007

I listed a notebook computer for sale on eBay last night. Within a few minutes I got a notice that it was sold (Buy Now).  I thought something was wrong because it didn't show up in the listings yet, so how could anyone know about it??  The buyer had a "private feedback" that also made me feel uncomfortable. About an hour later I got a message from eBay that they have cancelled my listing due to bidding activity that took place without the account owner's authority. Then I got an email from the "buyer" who was asking me to send "her" my PayPal information, and to send it somewhere in Nigeria!!  How stupid can you get??

I'm pleased that eBay discovered the fraud, but very concerned how the person knew the item was listed when it wasn't shown yet?

This has made me think twice about doing more business on eBay.

Click to view more comments
1 2  [Next Page]


Login is required to post comments.
To sign in to leave a comment using your AB Verify User Name, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page
.

Login for AB Verify
Be sure and use your email address and password to log in.

 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.