Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security IT

An Inside Look at eBay Security 165

daria42 writes "This in-depth interview with eBay's Australia/New Zealand security manager is fascinating reading for anyone interested in online security and how the online auctioneer interacts with law enforcement agencies. "Normal people don't get up in the morning and wonder how they can steal or trick someone. I won't rest until we can eliminate wrongdoing," says eBay''s Alastair MacGibbon."
This discussion has been archived. No new comments can be posted.

An Inside Look at eBay Security

Comments Filter:
  • by Anonymous Coward on Monday August 01, 2005 @08:37AM (#13213354)
    All that I got out of this article is that they have a phishing toolbar, an email address to test spoofs on, and that they are "committed" to a bunch of crap. This is not an in-depth look at anything.
    • by Anonymous Coward
      So, completely contrary to the overall tremendous quality of independently, thouroughly researched Slashdot content, you are implying that this article is a mere PR-stunt by eBay?

      This is outrageous! I demand of the goderators your immediate bannation from this discussion group.
    • Which will I believe in the future? A fluffy piece about how much eBay cares about security ("We weally weally do care about security! Trust us!") which gives me no solid information ("Our toolbar does such-and-such to protect our customer.", "We have X technologies to assist victims of fraud.")

      OR

      stories from my brother *in Australia* about how he was ripped off by an eBay scammer? Or stories from coworkers and friends that have been ripped off by an eBay scammer? Or the author of a national bestseller telling how he was eBay scammed? [1]

      Here's a tip, eBay. Word of mouth goes a lot farther than a fluffy article that tells me nothing. I read a long time back a dissatisfied customer tells ~3x the number of people his experience than a satisfied customer.

      I'm honked off because I had to sit through that article, feeling patronized and advertised. Sheesh. What a waste.

      [1] _The Paradox Of Choice: Why More Is Less_
      by Barry Schwartz ISBN:0060005696
      (I think it was the first few paragraphs of chapter 7.)
      • I was ripped of by ebay, because of a scammer. Apparently some had "hacked" someone elses account and bought a whole bunch of expensively priced items, including a bike i was trying to sell. So I never received any money for this, and still have the bike, but ebay still decided to take their pound of flesh. And since I didn't respond in time, I can't get the money back! Dirty dogs...
      • Actually, eBay and other major online vendors DO care. Most people are shy and scared of putting the CC's on the net. With news popping up "all the time" with regards to identity theft, the commercials (i.e. IBM and AOL) with regards to identity theft (remember the cute, but air-head, blonde with the apple crumb cake?), these companies need to build immense amount of trust! Lets not forget about the "My brothers friends, cousins, sister had their CC numbers defrauded 10 years ago" stories.

        W/o the tr

      • Couldn't agree more. My issue with eBay is not so much trouble with people breaking the law, but people selling second-hand goods as though they are new. I bought something touted as new a few weeks ago but it arrived looking like it'd been stolen, rolled in mud, slept on by a dog, and then scratched a bit for good measure. Returned it and suffered a bit more bait-and-switch.

        Of course, when I left neutral feedback, the seller hit me with negative feedback accusing me of all sorts of things.

        As you've suggest
    • Quit sniveling and get back to work.
  • in-depth? (Score:5, Insightful)

    by jbellis ( 142590 ) <(jonathan) (at) (carnageblender.com)> on Monday August 01, 2005 @08:37AM (#13213355) Homepage
    Wow. Isn't Monday morning a bit early to be hitting the crack pipe that hard?

    Sample "in-depth" response for those who didn't RTFA:

    How does eBay weed out unscrupulous sellers on your site?
    MacGibbon: We have zero tolerance for wrongdoing and are committed to making eBay as safe as possible for our members. We also work closely with law enforcement agencies to help them to bring offenders to justice.
  • PR Fluff (Score:5, Insightful)

    by Chmarr ( 18662 ) on Monday August 01, 2005 @08:37AM (#13213356)
    I read the article.

    I've never seen a more PR-fluff article in my life.

    (Okay, that was an exaggeration. I follow the SCO saga as much as the next guy :)
    • When are they going to get all the Asian bootlegs off there? It is nearly impossible to shop for video games on there because they flood the site with listings. Same for DVDs.
      • The Asian bootlegs will come off when regular copies become affordable.

        I visited HongKong a long time ago when DVDs were becoming popular. They sold bootleg movies for $2 US all over the streets. Versus the real copies for $30-$40 in US currency comparison. Note, prices might have fallen alot more now, since DVD is now the new standard there over Laserdisc. China is supposedly worse, since that equals to a monthly salary for a freaking DVD.

    • Considering when you report someone who is selling pirate software and they do sweet FA, I'd expect the article to be nothing more than PR-Fluff.

      All they need to do is remove any artical that it not as described
      e.g. goto laptops, look for anything with more that 64MB or ram, remove the hundreds of 'bogus were not selling laptops' entries.

      They should also give you the address of the person selling the item once you have 'won', and force the seller to use tracked mail and send you the tracking number.
    • by goombah99 ( 560566 ) on Monday August 01, 2005 @10:04AM (#13214035)
      If they really wanted to eliminate the problem, which they dont really care about by all signs, then they would pay a bounty on fraud reports. They would establish some sort of trust network, simmilar to the feedback system, to cull the whiners from real fraud reports. Finally, they would require all sellers for new items over $100 to either post a 30 day bond with e-bay for cash/western-union payments, or conduct the transaction via VISA credit card. They would post an actual method of contacting pay-pal.

      If tehy were serious, they would do some sort IP address localization, and post not only where the person said they were from but also where their IP says they are from.

      If they were serious they would not allow first time sellers to use western-union on new items over $100.

      If they were serious they would bar private auctions for first time sellers.

      ergo, they are not serious
  • "Normal"? (Score:3, Insightful)

    by NineNine ( 235196 ) on Monday August 01, 2005 @08:37AM (#13213360)
    "Normal people don't get up in the morning and wonder how they can steal or trick someone."

    That's amazing that this guy can define a "normal" person since psychiatrisys and psychologists have been trying to do this for many, many years. I happen to disagree with him, in fact.
    • I'm not going to try to define "normal", but I'm pretty sure that the majority of people don't wonder much of anything when they get up in the morning. Consider myself, for instance -- when I get up in the morning I'm likely to be thinking about how amazing it is that my alarm clock just "knows" when to go off... if I'm thinking of anything at all.
    • Comment removed based on user account deletion
      • by h4rm0ny ( 722443 )

        Normal people aren't ambidextrous aardvark afficionados either.

        If you were an afficionado of aardvarks, would you talk about it?
      • "Normal people aren't ambidextrous aardvark afficionados either."

        Hey, you better watch it, or the AAAAA (American Association Against Alliteration Abuse) will get you!

        (Hey, it was either that, or an "insensitive clod" joke.)
    • That's amazing that this guy can define a "normal" person since psychiatrisys and psychologists have been trying to do this for many, many years.

      I think he meant average, and by average he means people who are more likley to be stolen from than to steal.

      Personally, I feel that as a possible solution anyone who commits fraud should be sterilized and their children taken away from them in order to preven such habbits from being passed on to them, but that tends to lead to slippery slopes which social engineer
  • From the article: (Score:4, Insightful)

    by jurt1235 ( 834677 ) on Monday August 01, 2005 @08:38AM (#13213367) Homepage
    There's been numerous stories about the security aspects of browsers. Would you recommend Internet Explorer or other browsers such as Firefox and Opera for eBay members?
    MacGibbon: eBay does not endorse any particular browser.

    Is Linux really more secure than Windows?
    MacGibbon: eBay does not endorse any particular platform.

    Then he really will not be able to get sleep, promoting a browser with some anti phishing techniques in it would help his job, and people listen to him based on his role.

    On the other hand, I understand his reasoning behind the remarks: If you promote something, and it still goes wrong, people will try to blame it on you.
    • ''Q: Would you recommend Internet Explorer or other browsers such as Firefox and Opera for eBay members? MacGibbon: eBay does not endorse any particular browser.

      Q: Is Linux really more secure than Windows? A: MacGibbon: eBay does not endorse any particular platform. ''

      Q: Should children eat pellets of rat poison, or should they eat a healthy balanced diet?
      A: eBay does not give advice on nutrition.

      Q: Should I vacation in the Sunni Triangle, or in Cancun?
      A: eBay does not give vacation advice.

    • On the other hand, I understand his reasoning behind the remarks: If you promote something, and it still goes wrong, people will try to blame it on you.

      That's part of it, but you're missing the bigger picture.

      Even though their are various security issues on the user's end, it's not his job to ensure that security is tight on the user's desktop. In fact, he can't control what happens on a user's desktop at all. All he can control is what his servers present to the user and what happens on his servers. Wha
      • You are correct, however they do educate their users a bit though.
      • Eh - that's the medium size picture. In the even bigger picture, "security" is there for a purpose. In a commercial setting, that purpose is "Making/saving money". For eBay, the perception of "A lot of people get all their stuff stolen on the Internet and eBay is often involved and my neighbours son says eBay don't care" is, if widespread, catastrophic. In other words: Client side security is quite important for their business.

        More generally, the cost of any reasonably broad problem with users' security

        • Computer security is essentially authentication so that the computer does what it is supposed to do, but the rest of the business activities, fraught with peril as they may be, are not the responsibility of people in charge of security. Users have to follow the rule of buyer beware.

          There are so many legal and policy matters, but auctions have been around for eons. The difficulty may be the sheer number of jurisdictions that eBay touches. This may bring about some uniformity in global law regarding certain p
    • Firefox is no more secure than Internet Explorer if the user is gullible and if no "anti-phishing" toolbar is running. I can type my personal information and send it to some Pakistani web site in Internet Explorer, Safari, Firefox, you name it.

      There are a countermeasures that people can use already, but with so many options out there -- and not all of them work equally well -- I'm not surprised that eBay is sitting this one out.
      • That is why I mentioned: A browser with some anti-phishing technique in it, not a name of a browser. For myself, kmail is anti-phishing enough, sometimes I do not even understand the problem with the phishing mail since it just does not work (wrong e-mail layout) to even get the idea of phishing acros. Anyway, they do educate their users as they mention, and also learn from their users, so they at least do something to stop it. 1/100th of 1% for fraud is not bad, certainly not by something so "vague" as an
    • I'd say the Internet Explorer window on his Dell in the picture on page 2 says enough
    • If he promoted a specific browser and pointed to it's anti-phishing techniques, any users who found sites that avoided those techniques would sue eBay. Corporations can't really take sides in the stupid browser/os battles. Today's secure browser is tommorow's hacking target...better not to have it in writing.
    • My favorite part is this...

      MacGibbon: less than 1/100th of one percent of all items listed result in a confirmed case of fraud

      The "confirmed" came up a few more times. Talk about reading from a script. I must assume that "alleged" cases are fraud nicely do not register on this impressive statistic.

      Normally speaking, I'm fairly trusting, but when I see something like this being spun this hard, I makes me very suspicious.
      • That is a bit disturbing. The fun part of his job is the two-way fraud possibilities:
        1. Do not send what you were supposed to send, so just get the check.
        2. Claim not to have received what you were supposed to receive and try get your money back.

        To bad the article does not give any details on how they research it though.
  • by Anne_Nonymous ( 313852 ) on Monday August 01, 2005 @08:39AM (#13213368) Homepage Journal
    An Inside Listen to eBay Security:

    "Hellloooooooooo.....!"

    "llloooooooooo.....!"
    "lloooooooo.....!"
    "loooooo....."
    "oooooo...."
    "oo....."

  • Not so in depth (Score:2, Informative)

    by Anonymous Coward
    On reading this it seems eBay haven't got a blue. Basically the whole thing can be summed up by saying:
    1) We work closely with law enforcement agencies
    2) Less than 1/100th of 1% of cases are fraud

    No new information. No techniques the rest of us can use to prevent on-line crime. No reason to read it :(
  • Reading the summary (and knowing what we know about e-bay), I can't help but think of it being said Professor Farnsworth:

    "I won't rest, until we can..." *snore* .... zzzzzz.
  • Normal people don't get up in the morning and wonder how they can steal or trick someone.

    I agree. It would definitely be an odd person that got up in the morning and wondered "Hmm... how can I steal someone today?"

  • Really? (Score:2, Insightful)

    by hayalci ( 807196 )
    I won't rest until we can eliminate wrongdoing
    Then this guy will not have rest for a looooooong time...
  • Marketing waffle (Score:4, Insightful)

    by badfish99 ( 826052 ) on Monday August 01, 2005 @08:41AM (#13213379)
    This reads to me like a marketing exercise by Ebay: it's all buzz-words and vague empty statements:

    Q: How much (in dollar terms) and how many subscribers have made claims to eBay's buyer protection program?
    A: I cannot put a dollar amount on this figure.
    Q: How does eBay weed out unscrupulous sellers on your site?
    A: We have zero tolerance for wrongdoing and are committed to making eBay as safe as possible for our members.
    Q: Is Linux really more secure than Windows?
    A: eBay does not endorse any particular platform.

    And so on.

    • by dr_dank ( 472072 )
      and this guy also has a hardon against.... WRONGDOING!

      He says he won't rest until he can eliminate wrongdoing. Between children cheating at Old Maid and people not rewinding videos before returning them to the store, he'll be busy for the rest of his life.

      • He says he won't rest until he can eliminate wrongdoing.

        I presume that wrongdoing is that which is done by wrongdoers. A "wrongdoer" is sort of an evildoer Lite . So, what can we do about these "wrongdoers"? George Bush won't bomb and invade them (they're not the fully fledged evil, remember), but he might send Donald Rumsfeld to give them a wedgie.

      • people not rewinding videos before returning them to the store

        Is this like that nasty person who didn't rewind that DVD I hired last week? Man that's annoying when they do that.
  • by Yonan ( 883124 ) on Monday August 01, 2005 @08:41AM (#13213381)
    "I won't rest until we can eliminate wrongdoing," They'd best eliminate paypal (which they own) first then, if they're talking about wrongdoings. http://www.paypalsucks.com/ [paypalsucks.com] for the few who don't know about it. Taking the easy road out and getting money from the person they know is in the right just because it's easier then getting it form the scammer is the name of the game with Ebay and their wholely owned paypal.
    • Mod Parent Up. (Score:4, Insightful)

      by amcdiarmid ( 856796 ) <amcdiarmNO@SPAMgmail.com> on Monday August 01, 2005 @09:27AM (#13213701) Journal
      PayPal is a black mark against financial theives everywhere. My experience with them is about like this:

      1) Realize purchased item is missing & seller not replying to email & contact number is bogus.
      2) Report it to PayPal
      3) Get canned response that you have to wait untill the getaway is made (3-4 weeks?) before you make the report.
      4) Wait & re-make the report.
      5) PayPal Sits on the investigation for two weeks.
      6) PayPal Makes investigation
      7) PayPal says: "The seller appears to be fradulent, but has withdrawn all funds from their account so we have no recourse: file a claim with your insurance."

      If Ebay had any thought about fraud, they would start with PayPal. This is just PR fluff.

      Consider the fight against regulating some types of Ebay Sellers (drop off points) like Pawnbrokers. Pawnbrokers are regulated so that their is a paper trail of who sold what (possibly hot) items. Some high crime areas have what are essentially Hot Item ebay resellers: They take items, and sell them on ebay. They then return ~66% to the "owner" who requested their services. Florida (god help me for using them as suggesting a good law) attempted to regulate this type of drop-off store, but was beaten down.

      oh, yes. PayPal bad.
  • by kryten_nl ( 863119 ) on Monday August 01, 2005 @08:41AM (#13213384)
    "I won't rest until we can eliminate wrongdoing,"

    Someone give this guy a lightsaber...

    (Or a gun and a map to an Al-Quaida training camp)
  • In-Depth? (Score:1, Insightful)

    by Anonymous Coward
    Since when does a collection of non-commital answers to vague questions qualify as an 'in-depth interview'.

    And since when has slashdot stopped letting lynx users post comments!! Captcha's discriminate against me and my shell session.
    • Since when does a collection of non-commital answers to vague questions qualify as an 'in-depth interview'.

      Since the begining of journalism. There have always been lazy reporters who will take a press release, slap their name on it, and call it a news story.
      Anyone want to bet that the so-called reporter and the interviewee never even met?

  • In depth? Hardly. It was looking like a reasonable interview until the second question: Do you think these victims are shooting the messenger -- ie eBay -- instead of heeding the numerous warnings about payment procedures and security? The question is good but the answer is just market spiel that doesn't actually answer what was asked.

    Percentage this, eBay is striving hard to do that...

    I won't rest until we can eliminate wrongdoing.

    My god, he's the "Trust and Safety Director" at eBay, not a homicid
  • Somebody seems to have emailed in some questions and PR pasted in some answers. I do however now know that there are 1,000 Trust and Safety employees at eBay and PayPal.
    Oh and eBay thinks crime is like really and totally bad and stuff - my world is still rocking from the news.
    • Actually, it was *over* 1,000 Trust and Safety employees.

      See, 1,000 is a lot.. that's a lot of Safety and Trust employees, and they've got even more than that! How many Safety and Trust employees do you think they actually have? 2,000? 5,000? Whatever it is, it's over 1,000 - and that's a lot of Safety and Trust employees.

  • by zanderredux ( 564003 ) * on Monday August 01, 2005 @08:46AM (#13213414)
    "Normal people don't get up in the morning and wonder how they can steal or trick someone. I won't rest until we can eliminate wrongdoing," says eBay''s Alastair MacGibbon."

    Yes. That confirms it: he thinks he's Batman.

  • or did this article basically provide NO information at all on how they track down these people and then hand them over to the police?

    i was hoping for SOME information, not just marketing talk
  • by Ancient_Hacker ( 751168 ) on Monday August 01, 2005 @08:46AM (#13213422)
    Here's some real experiences from 6 years of eBaying, both buying and selling:
    • Out of over 1200 items sold by me, I've gotten exactly ZERO bad checks. Two people didnt pay as promised. Not too shabby.
    • On the other hand, I reported to eBay a guy that was selling obviously copyright-infringing stuff. They responded they wouldnt do anything until THREE people reported it. I looked back in his list of buyers and got the requisite number of complaints. I got a boilerplate kiss-off e-mail from them-- eBay still declined to do ANYTHING to the scammer.
    • I'll second that. I used to buy over FidoNET and others, via various networked BBSs. In almost 20 years of buying and selling stuff, I've had exactly 2 deals not go as planned, and neither of them was fraud. One was 10 or so years ago with a copy of Novell Netware, I though was Netware 2, and turned out to be Netware/2 (for PS/2). My bad, didnt read the ad good enough, but turned around and sold it for what I paid for it. Second deal was a couple years ago on ebay, I was selling something, guy won the
    • Well I guess it depends on what you're selling, or your willingness to accept Paypal payments. I've personally sold around 50 items on eBay, and have been the victim of a reversed payment once, as well as having to refuse to trade with bad buyers on 3/4 occasions which I noticed were obviously hacked accounts after researching.

      And that doesn't even include the various scam emails I get with auctions running from various shady types offering to buyout for ridiculous prices providing I send the item immediat

    • Same here.

      Years of usenet, classifieds2000, ebay activity with little problem (a buyer that refused an item he'd bought and had me send COD being the worst).

      On the other hand, 3 yrs ago, someone created a bogus aol account, a bogus ebay account, and etc. in my name. Bought 2 used laptops using a visa of mine that was near it's limit (dumb luck!) and I got a call from VISA. I suspect the visa data came from buying VCD's from an international vendor (futurama before it came out on DVD).

      Here's my scorecard:

      A
  • Wow. (Score:4, Funny)

    by Sierpinski ( 266120 ) on Monday August 01, 2005 @08:50AM (#13213450)
    "I won't rest until we can eliminate wrongdoing," says eBay's Alastair MacGibbon.

    That's going to be one tired fella. I think I just heard the price of coffee, Mountain Dew, and Jolt cola going up slightly in his locale.
  • What a great advertisement. It took me a few sentences to actually realize that I was viewing an online commercial. The slick placement as a /. news article was what almost got me at first!
  • by krell ( 896769 ) on Monday August 01, 2005 @08:53AM (#13213468) Journal
    ' MacGibbon: We have zero tolerance for wrongdoing and are committed to making eBay as safe as possible for our members. We also work closely with law enforcement agencies to help them to bring offenders to justice. '

    I was recently looking to purchase a VHS tape of a classic TV show off eBay. I know this one exists as a regular commercial release, and I wanted to buy the legit copy. I found a certain seller listing it, and was poised to bid until I looked at his feedback.

    In the feedback, I found several negative feedback complaints that the seller shipped the buyer a crappy tape taped off of TV. The vague wording in the listing I was interested in (and lack of an image) implied that this, too, was just a copy off of TV. I asked him him if the tape was legit, but got no response.

    After this, I would look for this episode, and always find the guy selling his pirated copies. His negative feedback which mentioned the copies being pirated grew. I reported him to eBay a few times. They did nothing. At one time, they said they had no policy against anyone taping commercial shows off TV and selling them.

    • Strangely enough, things take a very different turn if you attempt to sell an OEM version of a Microsoft product, without the prerequisite "hardware".
    • In their (limited) defense, the feedback system is one of the better things eBay has to help keep you from being had.

      You checked the feedback on the guy (as everyone should but not everyone does) and decided it wasn't legit.

      I'd say that's a plus to eBay! ...So as not to defend them too much though, yes, they definitely have a lot of work to do in regard to security.
  • If it's eBay's goal to 'wipe out wrongdoing', then why don't they even enforce their own policies? Title spamming on eBay runs contrary to policy, yet is so rampant as to make many searches useless.

    Of all the simple things eBay could do to clean up the end-user experience, building a crawling engine to sniff out and flag this kind of nonsense might be among the most trivial. But yet, nothing is done about it.

    But of course.. it's a simple fact that eBay benefits any time a sale occurs. If title spamming

    • If title spamming increases the rate of sales, and possibly the final bid price, it's actually in eBay's financial interest to turn a blind eye.

      Short term only. Not trying to deal with such practices that degrade the customer experience (by, for example, making searches harder) makes it easier for competing services that figures out how to address those problems to establish themselves. Of course, barring a software or business methods patent, Ebay could simply re-implement the technique themselves.

      The

  • writing in italics, so you know it's really me.
  • The dreaded Slashdot Distortion Field has struck again! Seriously, this guy has been doing a nice PR work with this article, nothing more. Besides, do you really think he'd dish out details this easily? eBay want us to trust the site, not being aware of all the possible scams that lurk on it, so they'd rather not tell how it's done, but reassure us with a "I'm won't rest until these bastards are in prison" and "eBay is the safest place to do online business".

    Typical ZDnet article though :)
  • With regards to his previous job as Australia's invincible cyber-warrior:

    Some have criticised the AHTCC because there haven't been any noticeable prosecutions to date. How come?

    MacGibbon: These things take time. The way I would describe our investigative policy to date is that, in the last year since we opened the doors, we needed to know what the criminal environment was...#blah blah#

    Well he gave that job (or it gave him) 18 months - either way I suspect the 15 year olds down under don't have muc
  • What is the most challenging part of your job? What keeps you up at night?

    MacGibbon: Wrongdoing upsets me. It did when I was in the Australian Federal Police for 15 years and upsets me still: normal people don't get up in the morning and wonder how they can steal or trick someone. I won't rest until we can eliminate wrongdoing.

    Yep, this is one huge PR session for eBay and "how they're doing everything to bring down fraudulent activity". The statistic of 1/100 of 1% is bullshit too. I've been scammed

  • Y'know... I wish /. would display the link destination next to links in articles and not just comments -- would save me a lot of time.

    ZDNet is most definitely not a news source -- nothing more than a PR organ imho.
  • by Anonymous Coward
    One thing that you have to pay close attention to is the fact that the eBay buyer protection does not cover the first $25 of the loss. Some large number of items on eBay sell for less than $25, so eBay never has to cover for the fraud in those cases. But they have to make everybody feel secure so that they get more business.

    My personal experience is that eBay does very little to stop the thieves. My girlfriend bought some collectables for about $26 (inc. shipping). The guy she bought from had a very goo
  • When I get to page two the formating of the text just get overlaid and it's unreadable... thanks to firefox I was able to read it.. but uh that's pretty unacceptable from a major site like that when 90% of users uses IE...
  • "I won't rest until we can eliminate wrongdoing"

    Sort of like how "we" (the US) won't rest until we eliminate terrorism?
  • I have been using eBay sinc 1997 and being the paranoid sort, never had any problem.

    Most ebay fraud involves chump change and law enforcement will not bother with it. It is like calling your local police and yelling: "My bicycle was stolen." You expect to ever get it back?
  • by Ingolfke ( 515826 ) on Monday August 01, 2005 @09:23AM (#13213662) Journal
    -- said Alastair MacGibbon as he donned his cape and dashed out the door for another day of crime fighting.
  • Comment removed based on user account deletion
  • "I won't rest until we can eliminate wrongdoing," says eBay''s Alastair MacGibbon."

    Who talks like that? I can imagine Batman or Judge Dredd coming out with some heroic gibberish, but the guy works for eBay. What is he going going to do? Wear his underwear on the outside and stomp out crime in time for tea?
  • "Normal people don't get up in the morning and wonder how they can steal or trick someone.", Normal people just get up in the morning and wonder ... how they can sell an item for a dollar (or 99 cents) on eBay and pile up S/H to very high dollar numbers and get away with it in broad daylight (I know! nights too) right in front of the eBay baboons! ...
  • Look at the following matters!:

    1) "Get your free iPod/Macmini/flatscreen" _as long as you sign up to several monthly direct debits and become a spammer to get many more people to do likewise

    2) Sellers with massive favourable credit histories accumulated by selling penny-cost items to a handful of people, all of whom have traded with each other similarly to amass a good score at no expense - and who then turn up with a batch of expensive consumer goods.

    3) eBay customers that suddenly change location
  • Thieves (Score:3, Insightful)

    by Tom ( 822 ) on Monday August 01, 2005 @09:46AM (#13213903) Homepage Journal
    "Normal people don't get up in the morning and wonder how they can steal or trick someone."

    Right, they call it "portfolio management" or "marketing" instead, or use any other term for acceptable theft and trickery.

    I've seen some - and worked in - a few perfectly legal businesses which had all the trappings of a scam operation, except that they weren't illegal.
  • by miller60 ( 554835 ) on Monday August 01, 2005 @09:54AM (#13213960) Homepage
    From Netcraft:

    Phishers Steal Trust From Ebay Sign In Pages [netcraft.com]

    "Fraudsters have exploited a flaw in the eBay web site that allows them to orchestrate phishing attacks using eBay's own Sign In page. ... By including special parameters at the end of the URL, the fraudster has changed the behaviour of the Sign In page so that when a user successfully logs in, they will then be sent to the fraudster's phishing site via an open redirect hosted on servlet.ebay.com."

    Because of the "borrowing" of ebay's web site, the EBay toolbar reports the phishing site as legit.

  • Fraud percentage (Score:3, Insightful)

    by pqdave ( 470411 ) on Monday August 01, 2005 @10:31AM (#13214245)
    I like the "less than of transactions are proven fraudulent". If you look at Ebay/Paypal's protection policies, it's not worth pursuing in most cases. With the combination of all the hoops to jump through and the limits on what Ebay will refund, you could earn more per hour at McDonalds. Meanwhile the fraudster has left you negative feedback just before switching to a new account.

    If Ebay really cared, they'd make it easy to report fakes and frauds, and they'd set up software to triage the reports most likely to result in a real finding and real people would work on those.
    • ...have you noticed that they make it hard for you to pay by credit card - ie, they ask you if you're really sure and that you won't get "PayPal Protection" (sic)?

      Every wondered why?

      If you use your credit card and the transaction screws up, your CC company will reverse the transaction and PayPal are left to deal with the shit.

      If you use your bank account, PayPal arbitrates - heavily in favor of the vendor (especially if a high volume $$ vendor).

      Bear that in mind when making a transaction with an untrusted p
  • Normal people don't get up in the morning and wonder how they can steal or trick someone.

    What? They've obviously never bought or sold anything on eBay.
  • Normal people don't get up in the morning and wonder how they can steal or trick someone.

    This isn't sticking up for the criminal element, but normal people also don't get up daily thinking about how they're going to thwart the criminal element today.

    It's that kind of pre-judgement which makes it hell for all of us legitimate consumers these days: Everyone assumes that you're a criminal, and it's up to you to prove otherwise. these days it's the opposite of the old viewpoint of "innocent till proven gu
  • July 29, Netcraft (UK) -- Phishers steal trust from eBay sign in pages. Scammers have exploited a flaw in the eBay Website that allows them to orchestrate phishing attacks using eBay's own Sign In page. Registered users of eBay's popular online auction Website must sign in using a username and password in order to participate in bidding and listing of items. A new style of phishing attack shows scammers exploiting flaws on the Sign In page and on another ancilliary page which results in victims being redire
  • This article might be complete "fliuff", but I will say - eBay *does* at least occasionally take some proactive steps to reduce fraud.

    Several months ago, my eBay account was hijacked by someone in another country. In under 24 hours after it happened, I received a phone call from someone in "eBay security" about my account, asking me to verify whether or not I was really selling a particular, expensive telephoto lens for a Canon 35mm camera and a couple other similar items. This was before I had even reali
  • I've worked peripherally with some people at eBay, and do hire good people, and obviously they have one of the largest "market caps" in reputation to protect. I was really hoping for a good technical piece on how they busted a multinational group of credit card theieves (which they did, just a few weeks ago) or a good story on the political struggle between the easy thing - denying there is a problem, and the equally dangerous problem of getting lost in the details.

    What I got, was a couple paragraphs that r

Time is the most valuable thing a man can spend. -- Theophrastus

Working...