Feeds

eBay 'second chance' fraud reaches UK

Buyer beware

  • alert
  • submit to reddit

3 Big data security analytics techniques

Scammers are impersonating eBay sellers in an attempt to hoodwink users of the online auction site into handing over payment for non-existent goods.

If the person who wins an auction on the site doesn't pay up, the second highest bidder of an auction may be offered the option to purchase goods at his offer price. These "second chance offers" are the focus of the fraudulent scams.

Steve Rawlinson, managing director of UK ISP ClaraNet, received a number of "second chance" offers for high value auction items he had bid on. At first he was pleased to receive the "offer" but on closer inspection realised the emails were bogus. He pulled out before sending any payment. "I had several which I realised were fraudulent without going through with a purchase. The eBay user name on the emails was not the name of original seller. That could be because a seller had more than one user name but the names in this case were in different parts of world," Rawlinson explained. "The sellers in the bogus email requested to correspond through third email address, which further aroused my suspicions." He tracked some of the bogus emails to a source IP address in Germany.

Although Rawlinson lost nothing through the attempted scam, a few less technically-savvy net users have lost out through the ruse. The scam - still rare, at least for now - is more sophisticated than typical phishing frauds because it is targeted and based on knowledge of a user's bidding history. "The seller will have no idea anything amiss is going on," Rawlinson added.

Knowledge of a user's bidding history is publicly available on eBay but how are fraudsters able to send email to the correct people? An eBay spokesman explained that it was possible to email someone through the site without knowing their private email address. This facility is used to allow bidders to pose questions about an auction items, for example. Trading using this facility is banned by eBay. Users can also opt-out of the contact facility that allows other members to send them email. The function also comes with various 'health warnings' about safe trading.

Nonetheless it seems that emails sent through this facility are good enough to be mistaken as genuine second chance offers. Rawlinson said that even though eBay systems may not be vulnerable its security policy about how emails can be sent through the site ought to be reviewed. ®

Related stories

Phishers suspected of eBay Germany domain hijack
eBay domain hijacker arrested
eBay denies South Africa 419 hacking report
Teenager gets three years for eBay scam
eBay scammer gets stung
UK banks launch anti-phishing website

High performance access to file storage

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Sorry London, Europe's top tech city is Munich
New 'Atlas of ICT Activity' finds innovation isn't happening at Silicon Roundabout
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.