eBay scamming automation primed for fraud
Print storyBots it all about, Alfie?
Posted in ID, 3rd August 2006 08:58 GMT
Free whitepaper – Server-gated cryptography
Fraudsters are starting to use automated bots in a bid to establish a bogus eBay reputation that will later allow them to dupe gullible punters through bogus auctions.
Once upon a time, one of the easiest ways to make an illicit buck on the net was to set up an auction for a non-existent item, pocket the money a buyer sends, and disappear. These days such a scam can only hope to reel in potential marks if the account used has a high positive-feedback rate.
As well as stealing accounts, con merchants have begun to use other techniques to obtain accounts that look pukka to the casual observer, according to security appliance firm Fortinet. By automating the process of creating an account with an ostensibly good rep, crooks can avoid the tedious business of building up a decent profile before looking to cash in with a scam auction.
The "eBay scamming automation" begins with the (probably automatic) creation of randomly named, fake user accounts. These fake users, powered by automated web spider software, search eBay for extremely low value ($0.01) "buy it now" items, such as eBook or wallpapers, and place a purchase.
As Fortinet points out, most one-cent-plus-no-delivery-cost sellers automate the whole transaction: should someone buy their eBooks, a script emails it automatically to the buyer, and leaves a standard feedback comment on the buyer's profile. The fake user then automatically responds with a standard feedback comment on the seller's profile.
So software bots talk to software bots, and scammers can build up multiple (impressive looking) fake accounts.
"Sellers are making cash without doing anything, and scammers owning the fake accounts are building positive feedback, again, while sleeping, watching porn, or chatting on IRC - and only for a fistful of bucks," as Fortinet puts it. ®
Free whitepaper – Vulnerability management buyer's checklist
The future of SaaS and IT infrastructure management
The mandate for application security
Extended Validation SSL Certificates
Avoiding 7 common mistakes of IT security compliance
The best practices guide for application security
Google cloud told to encrypt itself
Buggy 'smart meters' open door to power-grid botnet
Chinese firm hits back at cyberspy claims
BlockMaster SafeStick hardware-encrypted USB drive