The online auctioneer eBay has admitted an "extreme growth" in the
number of personal accounts being hijacked by fraudsters.
Criminals are obtaining the secret passwords of eBay subscribers and
using their sites to conduct bogus auctions for non-existent goods.
In a growing number of cases, would-be buyers on the UK's most used
website are paying thousands of pounds to apparently reputable sellers
after winning auctions on the site -- only to find out they had been
dealing with criminals.
In an interview with Radio 5 Live, eBay would not reveal exactly how
many accounts had been hijacked, although a company spokesman refused
to deny that possibly tens of thousands had been compromised.
"Last year there was extreme growth," said Gareth Griffiths, head of
trust and safety for eBay. "Certainly last year it was a high-growth
area for us, it's a painful issue."
In one recent case, up to ten people are thought to have paid a total
of 15,000 for non-existent hot tubs, while another would-be buyer
thought he had purchased a 4,000 camper van - which turned out not
Grab and go
In both cases eBay accounts had been hijacked to sell off the non-existent
"It gets to the point where that is obstructive to our inquiry," said
Ruth Taylor, North Yorkshire Trading Standards.
The hijacking of sellers' accounts is a particularly sensitive issue
for the auction site, which relies to a large degree on the level of
trust between the buyer and seller of goods for its success. There are
more than three million items for sale on the site at any one time.
eBay blames its account holders for not installing proper security on
their home computers and for replying to so-called "phishing" emails.
These are fake emails made to look like official eBay messages and
which demand the secret passwords to users accounts.
Viruses are also said to be infecting home computers by installing
themselves inside hard drives, where they monitor the keystrokes of
eBay users, make a record of passwords before sending them onto the
'Nothing to do with us'
Describing the problem as an "off eBay" issue, Mr Griffiths said the
problem was "nothing to do with us".
In several cases examined by the BBC the eBay users who had their
accounts hijacked claimed to be computer literate and vehemently
denied that they had replied to phishing emails.
"There is no way I would have done that," said Dr Oliver Sutcliffe a
biochemist from Nottingham. His site was hijacked over the space of
one weekend to sell thousands of pounds worth of electrical goods.
EBay is also under fire from law enforcement officials in the United
States and manufacturers over levels of crime on the site and the
lack of cooperation they receive.
Trading standards officers who regularly investigate crimes
perpetrated on the site have accused eBay of being "obstructive" in
the way it shares information. North Yorkshire Trading Standards says
eBay can take up to two months to provide the names and addresses of
suspects it is pursuing.
"If it takes up to two months, then it is eating in to a lot of time
that we have to make prosecutions," said Ruth Taylor, who heads the
authority's special investigations unit. "It gets to the point where
that is obstructive to our inquiry. Our investigators suggest that
netters _stay away_ from eBay entirely at least for the time being."
Concerns have also been raised about the large amount of counterfeit
goods on sale on eBay.
Adidas told the BBC that it monitored up to 12,000 auctions involving
its goods every day on the British site -- yet it estimated that up to
40% of all Adidas products available were counterfeit.
eBay says it has a special relationship with brand owners, who can
notify the site of auctions involving counterfeit goods which will
then be taken down within hours.
However, the Ben Sherman clothing brand says it recently took eBay
five days to take down an auction of counterfeit clothing -- by which
time much of it had been sold. "We certainly are not going to make it
good for them or the buyers," said Barry Ditchfield, noting that
"I think one must say that it's highly unsatisfactory," said Barry
Ditchfield, Ben Sherman's brand protection manager.
"With all the amount of profits that eBay makes, then there is ample
scope for additional staff. Frankly, it is totally unsatisfactory, not
just for Ben Sherman but for all brand holders.
EBay have rejected the accusations, saying that the company has a good
relationship with law enforcement officials.
"The satisfaction level is generally very high," said Gareth Griffiths.
Five Live Report: Policing eBay can be heard on Radio Five Live at 1930BST
on Sunday 18 December or afterwards at the Five Live Report website.
Story from BBC NEWS:
Copyright 2005 BBC.
NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily. And, discuss this and other topics in our forum at
http://telecom-digest.org/forum (or) http://telecom-digest.org/chat/index.html
For audio news from BBC and headlines/stories from the press please
go to: http://telecom-digest.org/td-extra/BBC.html
[TELECOM Digest Editor's Note: I have noted from my personal
experience that, like their subsidiary PayPal, eBay has a huge amount
of phishing going on all the time. But unlike PayPal, where if you
send them a copy of the mail to 'firstname.lastname@example.org' and get back
immediatly an autoack saying 'that email is not ours; thank you; we
will look into it', eBay does not use the 'spoof' address in the same
way. EBay has a much more involved system they expect their users to
follow in order to report phishing, which apparently works no better,
but just takes longer to send referrals. Like Paypal, eBay encourages
users "send us all the phishing things you get" and when Lisa Minter
was working on that for me, it often times took several hours per day
scooping them up and forwarding them to PayPal and EBay. I finally
sent email to both telling them, "We only have two people working here
and I am not going to hire someone else just to handle spam" and we
quit cutting and pasting all the time just to help them. Still, the
phishing spams roll in for both organizations. Maybe if enough people,
buyers and sellers alike quit using eBay, that company will start
really taking phishing seriously, if they get sued often enough, etc. PAT]