Vladuz arrested and in custody
April 18, 2008
Romanian law enforcement officers arrested Vladuz yesterday with members of eBay’s global fraud investigation team in attendance.
Vladuz has been a thorn in eBay’s side since 2006, when he began a hacking crusade against the company, culminating early last year when he gained employee posting rights as a “pink” on the eBay forums. Importantly, he never gained access to eBay’s back-end systems, as eBay confirmed in a press release stating “Despite numerous efforts to defraud eBay users via accessing administrative accounts, Vladuz was unsuccessful in his attempts.”
Romania has long held a reputation for cyber crime, leading CBS to name it the “New Citadel Of Cybercrime”. Rivalling Nigeria with its 419 scams, Romania gained an unwanted reputation for auction fraud due in part to low wages. Compromising just one or two accounts a week could result in a higher, albeit criminal, income than could be earned legitimately in Romania. Simple economics has made defrauding US and UK Internet users an attractive proposition.
This arrest will be welcome news for the EU, where there is serious concern over fraud within Romania. eBay’s Chief Information Security Officer, Dave Cullinane said “We are delighted that Vladuz is in custody thanks to the hard work of Romanian law enforcement. Their willingness to work closely with eBay and other global law enforcement agencies was instrumental in making this arrest.”
eBay Germany allows phishers free rein
March 13, 2008
This week Auctionbytes were given a live demonstration on how phishers can capture eBay user names and passwords.
Falle-Internet.de explained that viewing an auction containing certain code could capture your personal information from eBay, and clicking links could also capture your eBay password.
In the UK all but the most basic types of HTML or JavaScript are banned for all users. Germany, however, has different rules allowing experienced sellers to use more sophisticated code in their auctions. eBay UK told us each eBay country site has discretion on “how to run their business to suit their marketplace” and this includes whether to allow JavaScript in auctions. In the UK it is not possible to use the offending code, so all UK auctions are safe to view.
Viewing an auction listed on eBay Germany, even though you are logged into eBay.co.uk, could still allow the malicious code to execute; the only safe way to view these auctions is to block scripts from running in your browser.
Our recommendation for all sellers would be to use a separate eBay account for buying. If you’re browsing auctions, especially from Germany, make sure that you’re logged out of your main selling account. That way, if you’re unfortunate enough to have an account hacked, at least it won’t impact your income.
PayPal is more secure than US banks
March 10, 2008
Anyone who’s been trading on eBay and used PayPal for any length of time might be excused for thinking account takeovers are a fairly prevalent occurrence. In fact, trawling eBay’s community forums will soon reveal complaints from users who have either had their account hijacked, or had a purchase or payment from a buyer who has.
In reality it appears that PayPal’s security is pretty good, and compared to a US bank account or ISP account it ranks as one of the lowest risks. Heise Online reveals that “eBay/PayPal came near the bottom of the list at 0.83 per cent of the total complaints”, with banks and ISPs more likely to lose your data.
If you’re worried about ID fraud, PayPal should be the least of your concerns; other financial institutions you deal with may be much more likely to expose you to identity theft and fraudulent transactions.
eBay Oz to mask buyer ids on all auctions
February 20, 2008
eBay Australia has just announced that as of Friday this week they’ll be masking all buyer ids in auction bid history. This means that regardless of the start price of an auction you’ll never be able to see who is bidding, you’ll just see Bidder 1, Bidder 2, Bidder 3 etc.
The reasoning behind the policy is to protect buyers from receiving fake second chance offers. In the UK bidders’ user ids are hidden when the bid price exceeds £100.00; in Australia it’s AU$250. This limit will now be removed in Australia so that even 99p auctions will have user ids hidden.
The change has been prompted by scammers failing to contact bidders on high value items - the policy has been a success. Sadly scammers have simply lowered their sights and are targeting bidders of lower value goods.
They contact eBay users by guessing their email address, for example sending emails to common domains with the eBay user id as part of the address (userid@hotmail.com, userid@yahoo.com, userid@gmail.com etc). Some of these emails are reaching real eBay buyers and they’re still falling for fake second chance offers. By masking all user ids, fake second chance offers may be eradicated entirely.
Whether this will roll out worldwide is yet to be seen, but Australia was also the first eBay site to roll out the initial Safeguarding Members IDs initiative in November 2006. The UK and other countries may follow suit and mask all bidders’ IDs in the near future.
Doubtless shill hunters will complain that they can no longer detect illegitimate bidding on auctions, just as they did in 2006. eBay do have shill detection systems in place and limited information on bidders’ history is still available to site users. Sellers will still be able to see the full buyer ids on their own auctions.
Fake second chance offers have been around for far too long and if they can be totally eliminated it’s great news for buyers and sellers alike.
Risky sellers must offer PayPal
February 8, 2008
Largely overlooked amongst last week’s changes on eBay UK was an announcement about PayPal rules on eBay.
All sellers with a feedback score lower than 100 will now have to offer PayPal on their listings. Certain categories designated “high risk” must offer PayPal, and others will be allowed to offer *only* PayPal as a payment method: both these are the same categories as announced last year, but see below for a full list.
Easy to miss is the throwaway line at the end of eBay’s list: “We’ll also send targeted emails to sellers who we will require to offer PayPal because their buyer satisfaction is particularly low.” eBay UK have yet to specify what sellers will have to do to be targeted under this policy.
And there’s more. In certain - again, as yet unspecified - circumstances, PayPal may hold onto the money altogether:
To ensure transactions are completed to the satisfaction of both buyer and seller, PayPal may make the decision to hold payments related to specific transactions on eBay. This will only occur on a very small percentage of transactions, where research predicts a bad experience is more likely to occur. These restrictions will come into force at the end of March, and full details will be made available in good time before this change.
The US have released details of why a payment may be held and when it would be released, which could be earlier than the 21 days maximum. Sellers who have
- been on the site for six months or more,
- have a feedback score of more than 100 and
- a buyer dissatisfaction rate under 5%
will never have their payments held. We don’t yet know if similar criteria will apply to the UK.
This ought to feel reassuring: unreliable sellers must offer a method of payment which protects buyers, and sellers involved in transactions which look like they’ll go bad will not be able to take their money and run (though arguably that latter is more about protecting PayPal than the buyer). Moreover, sellers with an established track record should not - if the UK adopts the US guidelines - fall foul of this policy.
I just hope PayPal’s PR department are ready to deal with the upset from new sellers who don’t understand why their money’s being held for three weeks.
More on PayPal expanded Seller Protection
January 31, 2008
Firstly the best news of all - PayPal expanded Seller Protection will be FREE.
Yes, cynical as I am, when I first posted that PayPal had stated they’d “offer” expanded Seller Protection to PowerSellers in the UK, US, Canada and Hong Kong first, I wondered what that “offer” might cost. It costs nothing though, so as soon as it’s available to you, sign up. It’s not often PayPal give something for free, so I’m wildly in favour of these changes, especially as the benefits are fantastic.
Benefits
- No more confirmed addresses - all addresses will be eligible for Seller Protection; simply ship to the address on the transaction details page. Every address in the PayPal system will be considered a confirmed address, including a customer’s work address, a neighbour’s address and gift addresses - if it’s on the transaction details page it’s valid.
- Proof of posting will be sufficient for unauthorised funds claims. For lost in post you’ll still need proof of delivery.
- No limit on claims in any one year (currently £3250 pa).
- Coverage extended to all 190 territories PayPal operate in, any currency, any country.
- There’s nothing for you to do - no integration, no changes to the way you work, just sign up and say “yes” when you’re invited.
These changes were promised at eBay Live! 2007 in Boston by Rajiv Dutta. It’s fantastic to see that they’re just a few days away from becoming a reality for PowerSellers and soon to more eBay users across the world.
PayPal to offer better seller protection
January 30, 2008
PayPal have stated that in the near future sellers will be able to ship to any address, confirmed or otherwise, and qualify for seller protection. Unconfirmed addresses, which in the past made seller protection invalid, would no longer exclude sellers from protection for unauthorized funds, non-receipt claims and chargebacks.
This program, known as Expanded Seller Protection, will initially be made available to PowerSellers based in the UK, US, Canada and Hong Kong. In addition to all addresses being considered confirmed, coverage to all 190 countries served by PayPal will be included with no coverage limit on claims.
The vital missing information from today’s announcements regarding PayPal Expanded Seller Protection is what it will/may cost. That fee could range from free, to a per transaction basis, to a set monthly fee, or a percentage of total transactions processed.
The dream of being able to ship to every customer at any address may be one step closer; it remains to be seen if it’s affordable.
PayPal acquire FraudSciences
January 28, 2008
PayPal has acquired FraudSciences for just under $170,000,000 in cash. FraudSciences are a privately held Israeli company with expertise in online risk tools. Their technology differentiates between real and fraudulent transactions with supposedly unprecedented accuracy and so is a great fit for PayPal’s business.
Scott Thompson, the new President of PayPal said “Integrating FraudSciences’ risk tools with PayPal’s sophisticated fraud management system should allow us to be even more effective in protecting eBay and PayPal’s hundreds of millions of customers around the world.”
I can’t access my PayPal account
January 26, 2008
My neighbour is an avid eBayer, well several of them are! They all know I make my living selling on eBay so they come to me whenever they need help.
“I can’t access my PayPal account” is the current problem and naturally my neighbour is worried that his account might have been hijacked. The problem is further exacerbated by the fact his old bank card has expired and as per advice from all banks was cut up and disposed of. His new card has a different 16 digit number and so he’s unable to use that for verification that he’s the account owner. The other option, the secret questions, has also proved troublesome - the answers aren’t accepted. Possibly he did a typo when entering the answers, but either way he’s not able to retrieve his account.
Earlier we phoned PayPal, and I was full of confidence assuring him that it would be a simple matter to rectify. Not so!
Firstly the PayPal automated answering system wants to know the last four digits of the card number registered to your account (we still won’t ever know that now). It’s nigh on impossible to get through to a human without entering that information but eventually we managed it by inputting a totally fictitious number.
Then the problems really started.
The advice given was simply to open a new PayPal account using a different email address. I was astounded at that advice - everyone knows (or should know!) that you’re only allowed one PayPal personal account and one premier or business account. Advising a user who is worrying that their account may be hijacked to simply open a new account just doesn’t make sense. He wants to know that no one is using his original account and have it restored to him as quickly as possible.
Eventually we were advised to fax a covering letter along with a photo ID and household bill with proof of address. We’ll get that done, but how long it’ll then take to recover his PayPal account is anyone’s guess. In the meantime he’s got outstanding eBay purchases with sellers chomping at the bit for payment, and he’s worried someone else might be accessing his account.
Hopefully it’s simply a case of incorrect passwords, but a cautionary note for other PayPal users: Keep a record of the bank cards registered on your account and answers to your secret questions (no matter how sure you are that you know what they are). One day you might need them to regain access to your account!
Hijacked account: eBay emails are useless
January 12, 2008
I’ve received an email today from eBay informing me that one of the buyers I may have traded with has had their account hijacked and it is now in the process of being restored to its original owner. However it’s possibly one of the most unhelpful emails eBay send.
Firstly it gives no indication of which transaction it refers to. Was it an existing bid that’s been cancelled? Was it a completed item? How long ago was the bid/purchase? Was in fact the bidder a winning bidder or a losing bidder?
Telling me I can relist the item is useless as I have no idea which item is in question. Even worse, telling me I can “request a credit for the Final Value Fee” is ridiculous, as again I don’t know which transaction the email is referring to.
Lower down, the email tells me “You may file a “friendly” unpaid item dispute (UPI) remark in order to request the fees for your auction.” I’m guessing that’s referring to a mutual cancellation, which relies on the account owner agreeing to cancel the transaction and still leaves the possibility of both parties leaving feedback. Should they disagree I won’t get my fees back and even worse it leaves the possibility of the buyer leaving less than glowing feedback and negatively impacting my DSR stars.
Personally I believe eBay should be automatically refunding any applicable Final Value fees AND the Listing Fees with Listing Enhancement Fees. With no transaction reference to refer to I can’t apply for fee credits. Back in March last year we highlighted the difficulty of reclaiming fees from hijacked accounts. It appears nothing much has changed. Why should I pay eBay for the privilege of a hijacked account bidding on my auctions if they’re not even willing to let me know which transactions were affected?
Currently I don’t even know if it’s a shop item with multiple purchases, which would probably mean previous legitimate buyers have also been emailed stating that the transactions have been cancelled, or a live item, again with existing buyers being informed that their bids are null and void.
The entire hijacked account process needs reviewing. At the very least sellers need to be informed of the affected item numbers so that they can action the fee refunds. Informing sellers that there’s an issue which needs addressing without the information to act upon it is useless and it’s a total waste of time and effort on the seller’s part attempting to locate a transaction which is no longer on the site.
If eBay cancel a transaction then the seller should be informed which item number is affected and ALL fees relating to that transaction should be automatically refunded.
eBay applaud Microsoft law suits
December 12, 2007
Microsoft has stepped up its anti-counterfeiting measures, filing 52 lawsuits in the US and referring 22 further cases to local law enforcement in 22 separate countries. All the cases name resellers who allegedly sold counterfeit Microsoft software on various online marketplaces as the defendants.
15 of the 52 lawsuits filed involved software traced to the largest-ever commercial counterfeit syndicate, which was broken up earlier this year by Chinese authorities, the FBI and Microsoft. Through its investigations, Microsoft found that the counterfeit software produced by the Chinese syndicate was distributed in some markets through US online sellers. Users of Microsoft software helped identify the counterfeiters after Windows Genuine Advantage technology informed them that their software was fake.
Microsoft work closely with eBay to eradicate fakes from the site; they are members of the VERO program and have published an eBay guide explaining how to identify genuine Microsoft products.
Matt Halprin, eBay Trust & Safety VP, said “eBay applauds Microsoft’s actions to stop the abuse of its intellectual property. The sale of counterfeits is an industrywide problem both offline and online. Counterfeit software is illegal and not welcome on eBay.”
Don’t get mad, get blogging
November 21, 2007
A disgruntled eBay buyer has set up a blog to express his frustrations with an unhelpful seller. Buyer “paceaudio” bought a Nikon D40 from eBay Store “shopsunshine”. He went to pay by PayPal as normal, but was only given the option to phone the seller; a predictable and rather crude attempt to upsell him followed. The buyer then spent three days calling the company chasing up a promised PayPal payment request which never arrived.
Understandably, he got fed up. The camera was needed for work, so not having it was about to cost him money. The buyer left negative feedback, and started bidding on another camera listed by a seller who offered overnight shipping.
The next day, he had a call from a manager at the company, who had seen the feedback and wanted to make things right. He could have the camera the next day, *if* he would withdraw the negative feedback. “Against his better judgement”, he agreed. Presumably at this point he actually paid for the camera (though the blog doesn’t say exactly when this happened), and he was promised that he’d receive the DHL tracking number shortly.
Nothing arrived: no DHL tracking number, no camera. The buyer writes “Now they have my money, my feedback, and I’m gonna have to cancel this shoot at the last minute. I lose money, reputation, and future jobs because of this.”
The story doesn’t have an ending yet. It’d be nice to be able to say that ShopSunshine, even at this point, tried to make it right: a box full of accessories with the overnighted camera would be a step in the right direction. It’d say “yes, we screwed up and we’re taking the hit for that”; and at this point, I think honesty is all that’s left to them. Better that than the buyer saying “and I did a PayPal chargeback and forced them to give me my money back”.
I think there’s a couple of lessons for buyers here too though. Firstly, the threat of negative feedback is always more potent than the feedback itself. Once you’ve left it, you’ve played your hand, so make sure any issues are dealt with *first*.
The same goes for withdrawing feedback: issues dealt with first, feedback withdrawal second. Don’t let any seller blackmail you with promises of supplying the item you’ve ordered once you’ve withdrawn your feedback, because you can’t put that neg back a second time if they don’t come through.
Buy safe, stay safe on eBay
November 18, 2007
Richard Ambrose, the new Head of Trust and Safety, kicks off the week with some advice on how to buy safely on eBay. Tips include checking out your seller’s feedback and asking them directly for more information about the product that they’re selling.
Buying Safely on eBay
In addition he has some advice on how to prevent your account from being hacked, and what to do in the unfortunate event that your account is compromised.
Protect your eBay account
It’s always good to see senior eBay employees in person, even if it is just on video. Richard has only been Head of Trust and Safety for a few weeks and it’s great to already see increased communication from the team. As well as the new videos the Trust and Safety blog has been revived and you’ll often find Richard posting on the community discussion boards on the eBay site.
Get safe online awareness week
November 13, 2007
12th - 16th November is the awareness week for Get Safe Online, the website sponsored by the government and businesses including eBay. Today they were in Bristol promoting safe browsing and giving advice on how to keep your personal information secure when you’re on the Internet.
The good news is that the message is slowly getting across with 88% of Internet users now having some form of protection such as a firewall or antivirus software installed on their computers. Not such good news is the estimated 7.8 million people who have WiFi networks which are unsecured and open for anyone to access.
The Get Safe Online team were handing out leaflets and offering advice at Bristol University, Age Concern and later in the day at Bristol’s Central Library, where this group of students from Bristol Cathedral School received advice on safe Internet browsing.
Inside both at Age Concern and in the library, workshops were held where anyone could receive hands on help to understand how to stay safe online.
As well as visiting venues around the country Get Safe Online is attracting interest from the media with various articles and news bulletins highlighting the campaign.
Anything that promotes online safety has to be a good thing, so if you see the team in a town near you make sure you go and say hello. More importantly read the latest Get Safe Online report. It highlights WiFi and social networking sites, such as MySpace and Facebook, as two of the biggest security risks this year.
Shall I stay or shall I go now?
October 27, 2007
So what is Rob Chesnut former Senior Vice President of Trust & Safety doing? There have been conflicting stories since he went on sabbatical despite a brief appearance at eBay Live in June.
October the 18th saw a post on The Chatter which announced “A short while ago, however, Rob’s time off ended, and now he’s back to work – but he has a new desk!. Rob’s taking his expertise in the field of high-tech crime, internet fraud, and with his previous legal background, he’s transitioning to a new role as Senior Vice President, Deputy General Counsel.” That post disappeared again pretty quickly and is no longer available online.
This week it’s now apparent that Rob Chesnut will be leaving eBay and working on a consultation basis. “In a personal email, he let the Chatter team know that he’ll be helping our legal team on some special projects. As to a long-term position? Rob said that there are no definite plans. While it’s sad to think of an eBay marketplace without Rob, the Chatter team wishes him the best.”
Both the US and UK Trust and Safety Teams now have new leadership in place. Matt Halprin now leads the Global T&S team whilst in the UK the departure of Garreth Griffith to PayPal leaves Richard Ambrose overseeing the site.
UK buyers warned on US toy recalls
October 26, 2007
eBay UK has warned buyers to be on the alert for toys recalled by manufacturers due to safety concerns. The US Consumer Product Safety Commission has issued recalls of a number of children’s toys and other items in recent weeks. These include:
- some Fisher Price toys Dora, Diego and Elmo
- some Mattel toys including Barbie accessories, Bongo Band and Geotrax
- various toys with a lead paint hazard, including certain Thomas & Friends Wooden Railway toys, toy gardening rakes, tools and chairs, Knights of the Sword toys, puppet theaters, spinning wheel-metal necklaces and additional children’s metal jewelry
- some Kolcraft play yards due to risk of strangulation
- a further list of toys with lead and strangulation hazards, including Cub Scouts Totem Badges, Bendable Dinosaur toys, Princess Magnetic Travel Art Set Lap Desks, Deluxe Winnie-the-Pooh 23-Piece Play Sets, Deluxe Wood Art Sets and certain styles of Starbucks children’s plastic cups
- another list with possible lead, strangulation or laceration risks which includes turtle sprinklers, Dunkin’ Donuts glow sticks, puppet theaters, bookmarks and Halloween skull pails.
Sellers are advised to check model numbers of the items they stock and to withdraw any of the affected lots from sale. Buyers are advised to check model numbers with sellers before purchase: full details of all recalled products can be found on the CPSC website.
eBay sellers: guilty until proved innocent
October 26, 2007
Imagine if every time you listed an item on eBay you were required to include the serial number in the listing. That’s what the police and retailers in the US are calling for, without any thought to the reality of the situation.
The argument goes that stolen goods from retail outlets often end up on eBay and more information about sellers and recording serial numbers on the site would allow police to track professional shoplifters more effectively.
Sadly there’s little thought to just how sellers would manage this. Today I launched just 22 new listings, but with multiple items on many listings that still represents 163 discrete products, for which I’d be obliged to enter serial numbers. The time required to do so would be prohibitive.
If you routinely sell the same item you probably have a standard template. Sellers using automation rules relist unsold items and launch new instances of the same item using a set auction template: changing the serial number would be impossible. Even a single listing may have tens or even hundreds of the same item for sale which would result in a list of serial numbers many times longer than the actual product description.
And that’s just the products which have serial numbers - clothing, DVDs, CDs and many consumer items simply don’t have individual serial numbers.
Of course genuine sellers are the ones who would be affected most; they’re the ones who would dutifully spend many unpaid man hours entering serial numbers into their auctions. The professional shoplifters the measures are supposed to target would do exactly what Rob Chesnut pointed out and make up fictitious serial numbers, leaving the entire exercise pointless.
The other measure called for is more information on the identities of high volume sellers. Rob Chesnut said eBay weren’t averse to the idea but noted many sellers are reluctant to include their real name, address and telephone number on their eBay listings. Unless every seller were obliged to do so again the measures would be useless. High-volume sellers in many cases already do include contact information on eBay; thieves would simply use multiple smaller accounts to sidestep the issue.
I can’t help feeling offended by the retailers’ attitude, shifting their shoplifting problem onto eBay sellers. Retailers don’t search every customer as they leave the store just in case they’re a thief. Why should thousands of legitimate eBay sellers jump through hoops to prove that they too aren’t thieves?
UK eBay users at risk
October 21, 2007
The Times today confirms that UK eBay users are increasingly becoming the targets for phishing and account takeovers. Unsurprisingly eBay Motors continues to be a major target due to the high ticket price of goods in comparison to other categories. It’s a mark of how well eBay have attacked fraudsters and educated their users that scammers are targeting the UK instead of the larger eBay.com market.
Much more worrying is a report on The Register that a new variant of the Bayrob trojan has appeared. The previous version installed a webserver on the user’s computer which sent eBay pages to the user’s browser masquerading as the eBay website. The new version not only inserts fake eBay pages and supposedly gives a false increase to sellers’ feedback, making them look more trustworthy, but it also spoofs other security sites.
The spoofed sites include Carfax.com, Autocheck.com and Escrow.com, which users may use to verify the authenticity of listings. Imagine finding a product to buy and using eBay recommended escrow.com to pay, and then finding not only were you on a fake eBay site but had also paid through a fake security site, even though both exhibited full security information! The trojan also appears capable of displaying false emails in My Messages; the only way to establish if they are authentic is to log on from an uninfected PC and they’ll disappear.
Antivirus companies will be updating their virus signatures to detect the new strain of the virus, but as always it is users themselves who can offer the most protection. The only way the virus can infect your computer is by an attachment to an email. Users should constantly be wary of email attachments, especially if one is unexpected and you don’t know what it contains. If you’re not sure what it contains, don’t click and open it!
Finally the ultimate protection when buying a car on eBay is the same as if you were buying it from your local paper. Never ever hand over the cash or send it through a third party payment method until you’ve seen the car in person. A little common sense can stop a conman dead!
T&S welcomes Matt
October 19, 2007
In recent months, there’s been a lot of speculation about Rob Chesnut, eBay’s Senior Vice President of Global Trust & Safety, and his future within the company. Rob took a sabbatical just after eBay Live, which prompted some bloggers and eBay community board users to speculate that he wasn’t coming back. Today, we can tell you that he *is* back - but he’s got a new job. Rob will now be known as Senior Vice President, Deputy General Counsel, a position which should draw on his pre-eBay legal experience. Trust and Safety is to be left in the hands of Matt Halprin, known to listeners of eBay Radio as the “resident Trust and Safety guy”.
We wish both Rob and Matt luck in their new positions.
Genuine PayPal emails with spoof URLs
October 19, 2007
PayPal emails are corrupt this morning. They are arriving for valid transactions with the PayPal URL replaced by an error. The links in the email including picture links all refer to https://SECURE.UNINITIALIZED.REAL.ERROR.COM/uk/vst/id=xx

It has to be more than a little embarrassing for PayPal, just as the number of phishing emails is falling and they’ve implemented domain keys, to then insert a load of dodgy URLs into their payment notification emails.
eBay and PayPal phishing slows
October 16, 2007
According to a report out today from anti-virus vendor Sophos, eBay and PayPal phishing emails have dropped significantly in the past year. A year ago nine out of ten spoof emails were targeting either PayPal or eBay; today it’s down to one in five.
Graham Cluley of Sophos explained “PayPal and eBay users are much less likely to be targeted by virtual muggers, in part due to the efforts the firms have made in educating their customers about what to look out for, and how to protect themselves. The phishers are not turning away from their life of crime, however. They are now turning to a bigger pool of potential victims.”
Whilst eBay and PayPal users are much more aware of phishing emails the fraudsters are simply turning to other companies to target. Smaller credit card companies, online retailers and companies in specific geographic regions are more likely to be the target of phishing today.
PayPal advanced fraud detection rollout
October 12, 2007
There’s good news from PayPal this morning: they are about to start testing advanced fraud detection.
Too often in the past sellers receive a payment, they ship the goods and 24-48 hours later receive an email from PayPal stating that the payment is under review. The email always requests that the goods are held if they’re not already shipped, but by then it’s too late. Sellers do their utmost to ship goods to buyers as quickly as possible and in the past the warning emails have always arrived after the goods have been shipped.
Now PayPal are introducing Payment Review, and it’s automatic - there’s no need for sellers to sign up to the process. When PayPal’s system flags a transaction as high risk they’ll send the seller an email within minutes instead of days. The payment will be marked as pending with the investigation typically taking 24 hours to complete. At that stage either the funds will be fully released to the seller and they’ll be covered under seller protection or the transaction will be cancelled.
This is not something sellers will see very often; it’s rare that transactions are investigated and it only happens in a tiny number of transactions overall. The early warning within minutes is essential and sellers will welcome the news. The downside is that currently testing will start with a small number of US and Canadian transactions in the short term, which will increase over the next few months and only roll out worldwide at some point in the future.
Scot Wingo on his blog wasn’t too complimentary about PayPal releasing this in the run up to Christmas. Personally I’d be more than happy for PayPal to test this in the UK instead of the US, rather than continue receiving the dreaded “Don’t ship this item” email the day after the courier delivered the product!
How to recognise a spoof email
October 8, 2007
Yahoo! promised, back in June, to be the first ISP to implement Domain Key checking on emails to protect their users. PayPal and eBay have announced in conjunction with Yahoo! that all Yahoo! Mail users will be protected from spoofs.
Domain Keys provide a unique way to verify the authenticity of email messages to determine if messages are real. The collaborative effort between Yahoo!, eBay and PayPal will result in the blocking of unauthenticated email, reducing the volume of spoofs for Yahoo! Mail users and reducing the risk that they’ll be tricked by fraudulent emails. If the user doesn’t receive the spoof email it becomes that much harder for a phisher to hack into their account.
John Kremer, Vice President of Yahoo! Mail said “By reducing the risk of phishing scams, Yahoo! Mail now offers a much safer Web mail service for eBay and PayPal users, and this protection will benefit the larger Yahoo! Mail community as well”
Other ISPs should follow suit and implement Domain Keys technology in the near future. In the meantime Michael Barrett, PayPal’s Chief Information Security Officer, has some tips on how to identify phishing emails and stay safe online.
Vladuz is back
October 8, 2007
Auctionbytes reports that Vladuz the Romanian hacker is back on eBay. eBay themselves have confirmed that he was able to gain access to “a very small number” of accounts, which he then suspended. There’s some indication that he targeted those who have been critical of him on eBay message boards: one user for example received an email quoting his own post wishing that Vladuz would get caught, with the comment “Oh ya? F*** you.” Another received an email saying “Stop saying sh*t stuff about me, a**hole” which was signed by Vladuz: when she tried to sign into her eBay account, she received an alert that it had been suspended due to seller non-performance issues.
eBay spokesperson Nichola Sharpe said that “the fraudster did this by accessing externally visible servers not by hacking into the eBay site.” There’s no indication of what other information may have been on these servers, though eBay did work very quickly to restore the accounts: most seem to have been returned to their owners within an hour, and eBay are now contacting those affected to reassure them that their information is secure. Nichola said “at no point did the fraudster get any access to financial information or other sensitive information.”
Designer fakes seller jailed
October 6, 2007
A 38-year-old former town councillor has been jailed for selling fake designer goods on eBay. Richard Burge, from Conwy, was caught by Trading Standards officers with fake Armani jeans and 85 other counterfeit designer items which would have been worth £7,000 if genuine. Burge admitted 8 trademark offences, one trade descriptions offence, and asked for a further 78 offences to be taken into account. He was sentenced to six months.
Burge’s defence said that he began trading legitimately on eBay to supplement his income, but that his selling of fakes “snowballed”. He quit his local councillor position when charged, and said that he had stopped selling the fakes before Trading Standards began their investigation.
Just £7,000 really isn’t worth the risk of ending up in jail. Anyone even toying with the idea of selling fakes ought to bear in mind that stopping selling is no guarantee that you won’t end up inside.




