Feeds

eBay 'second chance' fraud reaches UK

Buyer beware

  • alert
  • submit to reddit

Security for virtualized datacentres

Scammers are impersonating eBay sellers in an attempt to hoodwink users of the online auction site into handing over payment for non-existent goods.

If the person who wins an auction on the site doesn't pay up, the second highest bidder of an auction may be offered the option to purchase goods at his offer price. These "second chance offers" are the focus of the fraudulent scams.

Steve Rawlinson, managing director of UK ISP ClaraNet, received a number of "second chance" offers for high value auction items he had bid on. At first he was pleased to receive the "offer" but on closer inspection realised the emails were bogus. He pulled out before sending any payment. "I had several which I realised were fraudulent without going through with a purchase. The eBay user name on the emails was not the name of original seller. That could be because a seller had more than one user name but the names in this case were in different parts of world," Rawlinson explained. "The sellers in the bogus email requested to correspond through third email address, which further aroused my suspicions." He tracked some of the bogus emails to a source IP address in Germany.

Although Rawlinson lost nothing through the attempted scam, a few less technically-savvy net users have lost out through the ruse. The scam - still rare, at least for now - is more sophisticated than typical phishing frauds because it is targeted and based on knowledge of a user's bidding history. "The seller will have no idea anything amiss is going on," Rawlinson added.

Knowledge of a user's bidding history is publicly available on eBay but how are fraudsters able to send email to the correct people? An eBay spokesman explained that it was possible to email someone through the site without knowing their private email address. This facility is used to allow bidders to pose questions about an auction items, for example. Trading using this facility is banned by eBay. Users can also opt-out of the contact facility that allows other members to send them email. The function also comes with various 'health warnings' about safe trading.

Nonetheless it seems that emails sent through this facility are good enough to be mistaken as genuine second chance offers. Rawlinson said that even though eBay systems may not be vulnerable its security policy about how emails can be sent through the site ought to be reviewed. ®

Related stories

Phishers suspected of eBay Germany domain hijack
eBay domain hijacker arrested
eBay denies South Africa 419 hacking report
Teenager gets three years for eBay scam
eBay scammer gets stung
UK banks launch anti-phishing website

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
DOUBLE BONK: Testy fanbois catch Apple Pay picking pockets
Users wail as tapcash transactions are duplicated
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.