Feeds

eBay 'second chance' fraud reaches UK

Buyer beware

  • alert
  • submit to reddit

Build a business case: developing custom apps

Scammers are impersonating eBay sellers in an attempt to hoodwink users of the online auction site into handing over payment for non-existent goods.

If the person who wins an auction on the site doesn't pay up, the second highest bidder of an auction may be offered the option to purchase goods at his offer price. These "second chance offers" are the focus of the fraudulent scams.

Steve Rawlinson, managing director of UK ISP ClaraNet, received a number of "second chance" offers for high value auction items he had bid on. At first he was pleased to receive the "offer" but on closer inspection realised the emails were bogus. He pulled out before sending any payment. "I had several which I realised were fraudulent without going through with a purchase. The eBay user name on the emails was not the name of original seller. That could be because a seller had more than one user name but the names in this case were in different parts of world," Rawlinson explained. "The sellers in the bogus email requested to correspond through third email address, which further aroused my suspicions." He tracked some of the bogus emails to a source IP address in Germany.

Although Rawlinson lost nothing through the attempted scam, a few less technically-savvy net users have lost out through the ruse. The scam - still rare, at least for now - is more sophisticated than typical phishing frauds because it is targeted and based on knowledge of a user's bidding history. "The seller will have no idea anything amiss is going on," Rawlinson added.

Knowledge of a user's bidding history is publicly available on eBay but how are fraudsters able to send email to the correct people? An eBay spokesman explained that it was possible to email someone through the site without knowing their private email address. This facility is used to allow bidders to pose questions about an auction items, for example. Trading using this facility is banned by eBay. Users can also opt-out of the contact facility that allows other members to send them email. The function also comes with various 'health warnings' about safe trading.

Nonetheless it seems that emails sent through this facility are good enough to be mistaken as genuine second chance offers. Rawlinson said that even though eBay systems may not be vulnerable its security policy about how emails can be sent through the site ought to be reviewed. ®

Related stories

Phishers suspected of eBay Germany domain hijack
eBay domain hijacker arrested
eBay denies South Africa 419 hacking report
Teenager gets three years for eBay scam
eBay scammer gets stung
UK banks launch anti-phishing website

Next gen security for virtualised datacentres

More from The Register

next story
Kate Bush: Don't make me HAVE CONTACT with your iPHONE
Can't face sea of wobbling fondle implements. What happened to lighters, eh?
Video of US journalist 'beheading' pulled from social media
Yanked footage featured British-accented attacker and US journo James Foley
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Ballmer leaves Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Online tat bazaar eBay coughs to YET ANOTHER outage
Web-based flea market struck dumb by size and scale of fail
Amazon takes swipe at PayPal, Square with card reader for mobes
Etailer plans to undercut rivals with low transaction fee offer
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Call of Duty daddy considers launching own movie studio
Activision Blizzard might like quality control of a CoD film
US regulators OK sale of IBM's x86 server biz to Lenovo
Now all that remains is for gov't offices to ban the boxes
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.