This is a very interested article for those who sell or buy on Ebay.

By Frank Fortunato
April 14, 2005


Today, few things cost eBay users as much money and grief as account hijacking. At the vanguard of this threat is an attack known by the warm and fuzzy name of phishing — e-mails sent by thieves posing as legitimate online businesses with the intent of hijacking passwords and other sensitive personal data.

The latest stats indicate that the phishing threat has reached epidemic proportions: In February 2005, there were no fewer than 13,141 unique phishing e-mails messages supported on 2,625 separate fraudulent Web sites, according to the Anti-Phishing Work Group, an industry association that includes eBay and other major online targets. Symantec, the producers of Norton Anti-Virus, claims intercepted phishing attempts grew 300 percent since June, 2004. EBay's size makes it one of the five most-targeted sites on the Internet.

E-mail phishing attempts are not the only threat facing eBay users. Phony escrow services, Wi-Fi network invasions and assaults on eBay's mammoth online payment service, Paypal, makes eBay country a virtual minefield.

As an eBay seller for the past six years, I have witnessed a wary reaction among the site's buyers as more and more users get caught in the hijackers' snares. Accounts from other eBay vendors indicate the same, as well as a decline in auction traffic and buy-through prices. The antidote is awareness of each manifestation of the threat, which we will address here in Part I of this report.

A Four-legged Monster: eBay E-mails
The early attacks raised nothing but red flags for most eBayers: e-mails, initiated overseas in fractured English, riddled with spelling and syntax errors and washed-out looking eBay logos — if any appeared at all. The recipients were warned, "if you do not update your account information within the next 48 hours your eBay account will be closed." A hyperlink appeared at the bottom directing the prey to a Web site demanding passwords and other eBay account data, often including credit card and other personal information.

While these early, crude attempts at account hijacking did not fool most eBay users, they were successful enough to encourage the thieves to clean up and refine their scams. The spelling and sentence structure improved, copyright statements were added to the e-mails, and the eBay logos appeared realistic — giving momentary pause even to savvy eBay veterans.

Then Came Paypal
Once eBay bought the enormous online payment service Paypal in October, 2002, the phishing attempts expanded to Paypal users, hijacking and cleaning out seller's Paypal and linked bank accounts. The scam begins with warning e-mails similar to the eBay phishing attempts. The thieves tend to target sellers with good feedback ratings whom buyers prefer, and to vendors who deal in high-ticket, high-demand items, such as electronics, jewelry, cars, coins and other expensive, popular items. Using photos from the victims closed auctions, the thief resells the items to unsuspecting buyers (or under bidders via a "second chance offer") and often, adding insult to injury, use the victim's Paypal account to pay for listing fees and photos.

An offshoot money-laundering scam involves e-mails to Paypal users offering a percentage of a sale if the overseas "seller" can use the victims Paypal account to transfer the funds. While this constitutes money laundering and is patently illegal, the 10-to-25 percent cut for the use of the account has enticed many Paypal users into participating into a crime that usually leaves them with an empty account.

The Big Enchilada: Phony Escrow Services
Frequently, the most costly eBay fraud involves phony escrow services. In a typical scam, the "seller" targets buyers on eBay motors, offering popular vehicles such as BMW's Mini-Coopers, Camrys, Harley Davidsons etc., at far below market value. The victim e-mails a question to the thief who replies with a form e-mail (rarely using the recipients name,) suggesting an escrow service he's used "many times before," and offering extravagant perks such as free transcontinental vehicle shipping, which usually costs $900 or more.

The e-mails contain logos of legitimate escrow services and copyrights dating from 1999 or 2000, fostering the impression they have been in business for a while. The payment options include Western Union cash transfers, direct electronic transfers or other dubious online payment methods. The thief sets up an anonymous Yahoo e-mail box, uses a throw-away cell phone for a phone number, and vanishes with the victims money.

The Emerging Wi-Fi Threat
The spread of wireless data technology known as Wi-Fi, is rapidly altering the way people get online. Using base stations, or routers, you can link several computers to a wireless high-speed Internet connection that lets you move around with laptops and other mobile devices, as well as to connect your computers to printers and other devices.

Virtually nonexistent in 2000, Wi-Fi base stations are now in 10 million American homes, according to ABI, a technology research firm. Further, base stations can be found in many public places and retail businesses such as hotels and coffee shops, as well as college campuses and towns that are blanketed with wireless zones or grids.

Hard on the heels of this explosive growth come the thieves. Recently, the Secret Service office in Newark, New Jersey completed an investigation that lead to the arrest of 30 international data thieves. Of the 30, half regularly used the open Wi-Fi connections of unsuspecting neighbors.

Typically, the range of a Wi-Fi connection signal is 200 feet. However, newer amplifiers and antennas extend the hijacker's reach up to a quarter mile. While some public locations charge a fee or force people to register, thus making them potentially traceable, others leave their networks wide open. The result is that the thieves can scour a victim's computer or "sniff" a network for passwords and other sensitive data, using it to empty accounts, hold false auctions and run scams across the Internet.

Wi-Fi routers include built-in preventive measures that secure the systems from hijackers, but most home users and many public places do not bother to use them.

Collectively, these four hijacker attack modes constitute a larcenous cottage industry that has launched many eBayer's into a world of pain, and which now threatens the reputation and continued success of the online auction giant.

The complete article can be read at the following links.
http://www.smallbusinesscomputing.co...le.php/3497676
Adapted from www.ECommerce-Guide.com, part of www.Internet.com Small Business Channel.

__________________