Feeds

How scammers run rings round eBay

Buyers fleeced, eBay practically powerless

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Everyone knows that buying and selling on eBay is precarious. Even eBay admits this and gives basic advice on its site that it believes helps eliminate most fraud.

But there appears to be a basic weakness in eBay's system that fraudsters and petty thieves are exploiting. It occurs when buyers pay sellers direct into the sellers' bank account by cheque or cash. The following is a real example that occurred in September this year (names withheld for legal reasons). Let's call the buyer Tom and the seller Harry.

Tom won the bid for a mobile phone and agreed to pay Harry (who lives 80 miles away from Tom) £185 plus £6 insurance using cash at a branch of Harry's bank. A few days later a box arrived. It contained a battery charger and an earplug, but no phone. Tom informed Harry who said that he believed someone at the post office must have stolen the phone and that he would look into it.

Days passed and Tom then asked Harry to claim on the insurance. Harry said he had lost the insurance slip and would instead refund 50 per cent of the £185. A week passed and Tom called Harry to say no payment had been received and that he was losing his patience and would report the matter to eBay.

Harry made more excuses and stopped answering his mobile phone. Over the next few weeks they spoke occasionally but Harry refused to send any money and blamed Tom for his removal from eBay (subsequent to Tom informing eBay of his loss). Tom contacted Harry's bank but the bank refused to provide Harry's address. Tom only knows Harry's mobile phone number and Hotmail email address.

In summary, Tom spent £196 on a phone that never arrived and he is not alone. As a result of basic research for this story we have been contacted by five people who have experienced similar scams (their stories, in emails, are copied below). The fact is it appears far too easy for this scam to be perpetrated.

Pattern of fraud

The pattern is all too predictable. Buyers and sellers agree not to go through the more secure PayPal system because it costs more to do so. So buyers take the risk of sending the money to the seller who either doesn't send the goods or sends shoddy or fake goods. The sellers protect themselves against prosecution by claiming loss, or disputing the buyer's version of events. The amounts involved - though not insignificant to the buyer - are too small for eBay to want to take the matter further.

There is one other common factor in all these stories. Though the buyers report the matter to eBay they are invariably frustrated at standard email responses and being steered towards a mediation system which costs the buyer £15 and even then may or may not lead to resolution. Alternatively, sellers can claim compensation through eBay and may get a maximum of £105 - if they claim between 30 and 90 days after the event and meet the criteria for payment. In our example above Tom made a claim last month and is still waiting.

A common refrain is: "Should I report this to the police? eBay are not replying to my emails about this and I don't know if the police are aware or not. What should I do?"

eBay declined an interview in relation to this story but instead issued a statement:

"eBay takes the issue of fraud very seriously and investigates every case of fraud reported to it. eBay currently has over 1,000 people worldwide with backgrounds in law enforcement, customer support, advanced computer engineering and analysis dedicated to making eBay one of the safest places to trade online and, in the UK, employs an ex-Scotland Yard officer as liaison point for law enforcement agencies.

"The majority of transactions on the eBay site are completely secure and without incident. Approximately 0.01 per cent of transactions end in a confirmed case of fraud."

This means that for every million transactions, 100 are 'confirmed' fraudulent, though the criteria for this confirmation are not available. Any security consultant will say that is an acceptable level of risk and way below fraud levels on credit cards. Not surprisingly, eBay therefore does not advise people specifically not to pay by cheque or cash payment into a seller's bank account.

Top tips

On the eBay website its 'top tips' state that sellers should ideally use secure payment systems like PayPal (which offers greater levels of protection, though still limited if the seller has little or no track record) and should NOT use money transfer services "like Western Union".

But aside from telling buyers to be wary it does not tell buyers NOT to send cheques or pay directly into sellers' bank accounts (either by money transfer or using cash at a bank branch). Clearly it believes that most such transactions are safe and therefore if the buyer assesses the risk as low, then why not?

Many eBay users may agree - it's 'caveat emptor' applied to the world of online car boot sales. But when Steve Gold, a security consultant, celebrity ex-hacker (he co-hacked the Duke of Edinburgh's Prestel mailbox), and former accountant also gets hit by such a scam you begin to wonder how the mass of eBay's users are avoiding getting stung and whether the 0.01 per cent figure is an accurate reflection of the amount fraud occurring.

Gold, an experienced eBay user, reports that he bought a hard drive for £63 from a man who never sent the item. After weeks of the usual hassle he used 192.com to track the man down to confront him. The seller - somewhat shocked to see his 'victim' - pleaded poverty and illness and apologized profusely. Gold admitted defeat safe in the knowledge that at least he had confronted his fraudster and learnt a useful - if painful - lesson.

Pants down

He now says he uses a mixture of web tools to check out sellers. He pays 192.com £25 per 100 enquiries to get addresses from phone numbers; he uses maporama.com to check out locations of sellers; and he admits he is more cautious than ever.

"eBay is caught with its pants down," he says. "They are neglecting their customers; they should make a shed load of information available to help people to avoid this." Like others Gold says he hit a brick wall when he tried to get other bodies involved: "I went to trading standards - they weren't interested. I even compiled a dossier on the seller and sent it to his local police force. Subsequently they told me they were aware of eBay fraud but don't deal with it." Gold believes the level of fraud on eBay is higher than the 0.01 per cent figure given: "But how can we tell? eBay won't reveal the real figures so we have no way of knowing."

He has a point. Credit card fraud has been reduced over the years by greater public awareness over the levels and types of fraud occurring. eBay is relying on sellers to be 'careful' but the question for the regulatory authorities remains: Is eBay doing enough to protect its users? Those who lose out as a result of this type of scam certainly think not.

Clearly eBay cannot be held responsible for dishonesty among sellers but perhaps it could do a lot more to warn people how easy it is for petty criminals to exploit our desire for a bargain. Maybe it is time for an independent body to track complaints against the system so that buyers can get a better picture of the types and frequency of frauds occurring. ®

Below are a selection of emails from others defrauded via eBay. Names have been omitted for legal reasons:

I was cheated out of £200 when I tried to buy an ipod. I corresponded with the seller, who seemed friendly until I sent my money and he clammed up. I got emails from another apparent victim, who also was a bit shy of giving out his contact details. I suspect the second person was the first in disguise. Top cap it all, the seller gave a bank account for me to deposit the money, which I did, but it turned out that his identity was totally fake - in fact it was someone else's ID. So he had used a real ID (not his own), to open not one but three accounts at Nationwide to use for fake eBay transactions. I contacted the police but the trail went cold. I did manage to get Nationwide to close the accounts down They said he had been taking money out as soon as it hit the account. I tried to contact eBay with the details, saying the guy wasn't returning my emails, they responded with an email saying "why don't you try our arbitration service." I emailed them asking how I could do that if the guy won't respond to me. They replied saying they were sorry about that but maybe I should try their arbitration service. I then asked how I could claim on their insurance policy to reimburse defrauded customers, and they simply replied advising me to try their arbitration service.


I bought a couple of Tiffany items - from different sellers - for my niece last Christmas. One item was fine - the other was a fake. The girl who sold it handled it perfectly. She was very chatty (by email) and was 'touched' when I told her the thing was intended as a gift for my niece etc..... Anyway, when my niece received the item, it was obviously a fake. We did consult Tiffany, who confirmed that they hadn't ever manufactured a piece in that style. I got back on to her and her response was something not so far short of f off - but without the swear words. I was furious. I contemplated forms of retribution. I did, however, go thru the Safe Harbour system but with no success. I later made a claim from eBay but it was such a long-winded process that i kind of forgot to finish it off. So I just lost the money. From my experience I'd suggest eBay needs to sort out its claims policy. It's such a hassle that it really is off-putting. I still use eBay but without the same enthusiasm.


I have a reseller friend who was a victim of an eBay scam, and to add insult to injury not only did they steal his card details on a non-existent transaction, they sent him a brick through the post to rub salt into that wound.

Related stories

Watch out, there's a scammer about
PayPal hit by coding glitch
Teen eBay fraudster pleads guilty to £45k scam
eBay 'second chance' fraud reaches UK

Intelligent flash storage arrays

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.