Feeds

eBay 'second chance' fraud reaches UK

Buyer beware

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Scammers are impersonating eBay sellers in an attempt to hoodwink users of the online auction site into handing over payment for non-existent goods.

If the person who wins an auction on the site doesn't pay up, the second highest bidder of an auction may be offered the option to purchase goods at his offer price. These "second chance offers" are the focus of the fraudulent scams.

Steve Rawlinson, managing director of UK ISP ClaraNet, received a number of "second chance" offers for high value auction items he had bid on. At first he was pleased to receive the "offer" but on closer inspection realised the emails were bogus. He pulled out before sending any payment. "I had several which I realised were fraudulent without going through with a purchase. The eBay user name on the emails was not the name of original seller. That could be because a seller had more than one user name but the names in this case were in different parts of world," Rawlinson explained. "The sellers in the bogus email requested to correspond through third email address, which further aroused my suspicions." He tracked some of the bogus emails to a source IP address in Germany.

Although Rawlinson lost nothing through the attempted scam, a few less technically-savvy net users have lost out through the ruse. The scam - still rare, at least for now - is more sophisticated than typical phishing frauds because it is targeted and based on knowledge of a user's bidding history. "The seller will have no idea anything amiss is going on," Rawlinson added.

Knowledge of a user's bidding history is publicly available on eBay but how are fraudsters able to send email to the correct people? An eBay spokesman explained that it was possible to email someone through the site without knowing their private email address. This facility is used to allow bidders to pose questions about an auction items, for example. Trading using this facility is banned by eBay. Users can also opt-out of the contact facility that allows other members to send them email. The function also comes with various 'health warnings' about safe trading.

Nonetheless it seems that emails sent through this facility are good enough to be mistaken as genuine second chance offers. Rawlinson said that even though eBay systems may not be vulnerable its security policy about how emails can be sent through the site ought to be reviewed. ®

Related stories

Phishers suspected of eBay Germany domain hijack
eBay domain hijacker arrested
eBay denies South Africa 419 hacking report
Teenager gets three years for eBay scam
eBay scammer gets stung
UK banks launch anti-phishing website

Security for virtualized datacentres

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.