eBay denies claims it's failing to thwart 'systematic fraud'
Man alleges elaborate scam is slapping money out of online souk's pockets
A campaigner has gone public with his concerns over an alleged scam on eBay.
The person claimed a group of fraudsters have found a way around PayPal/eBay's anti-fraud system, in a complex multi-stage scam. eBay says it has the problem in hand, a contention strongly disputed by the campaigner, who said he has tracked and reported the fraud to the firm for months - without a proper clampdown by the online auction house.
He alleged the "ongoing scam" - which ultimately leaves eBay rather than its users out of pocket - would have "conservatively" cost the auction house tens of thousands of pounds.
The informant describes the scheme he alleges is at play. "Phase one" begins with creating fake eBay and PayPal business accounts using throwaway webmail accounts.
These accounts are used to sell iPhone cases and leads for three to four months, to create a clean track record. PayPal thinks the trickster is a legit seller and releases the 21-day payment hold, allowing instant access to any money the fraudsters get through sales. eBay also clears the accounts from the shackles of a system (focused on new accounts) that checks for suspicious inventory changes.
At this point the scam kicks in. The fraudsters begin listing items such as electric toothbrushes, power drills and Lego sets. They sell these in batches of 20+, usually around four to five batches per account. The goods are not sent out to the buyers.
As soon as the funds from the first batch are in, they spend the money in their accounts on iPhones and - or laptops from other legitimate eBay stores. The fraudsters also buy large quantities of stamps.
They use techniques to avoid giving away their real location when picking up the goods.
By the time the buyers who bought the first batch ask for refunds - because their items ares not delivered - most or all of the money has already been spent. Scam accounts are abandoned. eBay/Paypal, left unable to retrieve the funds, must dip into its own pocket to refund scores of buyers who have been ripped off.
The average scam account makes £1,440 and rips off 99 people, according to the source.
"Over the past 5 months I've not only told eBay about this scam several times but reported the accounts months before they scammed via @askebay on twitter and also reported every listing via the report item link.
"eBay have completely ignored me every time and by doing this from November to Now they have lost over £100,000 and over 7,000 customers have had their time wasted."
After he failed to get eBay to act, our informant went public with a series of blog posts documenting the alleged scam.
He contacted The Register last month. And since which we've talked to eBay and passed over a list provided to us of suspect accounts, which the auction house (on investigation) said had already raised red flags.
eBay told us it had detected the rogue accounts independently, rather than as a result of our reader's alerts. "Our filters had detected behaviours associated with them that merited account reviews and necessary steps were taken to limit these accounts immediately," a company spokesman told El Reg. The online auction house also offered a generic comment about how it monitors suspected fraudulent abuse on its marketplace.
We have dedicated in-house detection teams and alert systems in place to identify suspicious behaviour.
Our teams share information with law enforcement agencies around the world to keep our marketplace safe for customers.
The campaigner dismissed eBay's response. "Not counting the ones you [The Register] reported, I've never in [six] months seen an account in the active scamming phase get shut down till long after it was abandoned.
"The scammers are still going, albeit in a limited capacity, for the time being. I'm guessing they are holding off making new accounts for a while but they'll be back. I can't see them walking away from at least £20,000 a month," he added.
He claimed the scammers were also abusing PayPal, incidentally, in furtherance of the scam. PayPal told us it was "looking into this internally".
A third-party infosec expert, who offered an opinion but made it clear he would rather not be quoted, said he could see how such a scam would work but the victim in this is eBay as the account-holders who are duped get their money back. "The main victim is eBay [which] may have estimated the costs of dealing with this level and type of fraud outweigh the costs due to the losses."
The campaigner accepted this point. ®
Sponsored: Becoming a Pragmatic Security Leader