Ask eBay users about auction fraud and payment scams, and you'll hear different stories with the same theme: While eBay can be a great marketplace, both buyers and sellers need to beware.

PC World contributing editor James Martin was nearly defrauded when he tried to sell a laptop and managed to avert disaster thanks only to a cooperative post office clerk who searched for and returned the package Martin had shipped a few hours earlier. Martin is not alone. The FBI tracks online auction fraud via its Internet Crime Complaint Center, and auction scams have averaged more than half of all online fraud complaints.

Auction fraud trends.

Infographic: Chip Taylor

However, the actual numbers of fraud reports have gone down in the last couple of years, returning to 2003 levels. This may be due to better policing by eBay or to more awareness of fraud among the auction site's users.

And eBay has taken a number of steps to combat fraud. One of them is an antifraud toolbar for users, designed to identify attempts by phishers to obtain your eBay log-in information. Recently, eBay also partnered with Google to stamp out a major site-redirection vulnerability exploited by phishers.

Other tools in eBay's fraud-fighting arsenal include the eBay/PayPal Security Key, launched in February of last year, as well as several measures designed to safeguard member IDs and improve buyer protections introduced in April 2007. Also, to protect member ID information, which can be used to send phishing e-mail and fake "second-chance" offers, eBay now hides the IDs of bidders in big-ticket auctions. And an expanded new seller feedback system gives buyers the detailed information they need to decide on the seller's bona fides.

Finally, a sweeping overhaul announced this week should lead to a new balance of power between buyers and sellers. Among other changes, sellers may no longer leave negative feedback on buyers, eliminating the fear of retaliation that many buyers had when deciding whether to leave negative feedback of their own. This fear resulted in under-reporting of bad transactions through the feedback system. And sellers in high-risk categories like computers, or those who have less than stellar feedback, will now be required to take payments either through PayPal or a credit card. In some cases, PayPal will even withhold payments to sellers entirely until the buyer has left positive feedback or 21 days have passed without a claim.

Even with all these safeguards, there are still risks to using eBay. Users put up with them because it's the biggest game in town, with 95 percent of all online auction listings, according to Jupiter Research. Total auction sales were about $30 billion last year, a big slice of overall U.S. Internet sales of $116 billion. Local Craigslist classifieds and Amazon's Marketplace are gaining in popularity, especially for hard-to-ship items and books, but for many broad product categories, such as antiques and collectibles, eBay is still the best or only viable outlet.

So what can you do to protect yourself against auction fraud, and buy and sell safely on eBay? Read on.

eBay, Scam-Free

Avoiding eBay scams largely boils down to performing due diligence on your transaction partners and potential purchases, and being extremely careful about auction-related e-mail messages and payments.

Most eBay fraud falls into one of three broad categories, all of which affect both buyers and sellers:

Account hijackings: Criminals take over accounts with good feedback and use them to buy merchandise with stolen credit cards or to sell big-ticket items that are never delivered.

Counterfeit, doctored, or misrepresented merchandise: Bogus products can be very hard to spot. Buyers end up paying more than an item is worth, and sellers of genuine goods can't compete on price.

Payment fraud: An endless variety of credit card, wire transfer, and bogus money-order scams cheat buyers and sellers alike out of both money and merchandise.

Account Hijacking

This is the biggest and most dangerous problem on eBay. Through phishing messages and bogus links in auctions, scammers get hold of your eBay password, which they can then use to take over your account and buy or sell with near impunity, leaving you holding the bag for transactions you had nothing to do with.

Beware--eBay phishing lures look like real eBay e-mail.

Common and highly effective phishing scams include sending e-mail messages that mimic those you are already used to receiving from eBay's mail system, such as questions from buyers, bid notices, and after-auction invoices. When the unsuspecting recipient clicks on a link in these messages (usually purporting to be the item page), it takes them to a phony eBay log-in page instead, where their account information is then captured. The malicious site may also be programmed to install a Trojan or keystroke tracker on the user's computer, which can then be used to capture other passwords as well, such as to PayPal or banking sites. (Besides the image above, go to Bustathief.com for more examples of eBay phishing lures.)

Scammers work fast with hijacked accounts, listing popular high-cost items like computers, iPods, and plasma TVs in one- or three-day auctions. After collecting the money, often sent to overseas accounts, they disappear, leaving the legitimate account holder to deal with irate buyers, possible police investigations, and a ruined feedback rating that may have taken years to build up.

The flip side of this scam is using the pirated account to buy a load of valuable and easily fenced items with a stolen credit card. In this case, the true account holder has to deal with angry sellers who are out both their merchandise and their money.

The latest twist on hijacking fraud: phishing pros are now selling kits that novice scammers can use to set up their own phishing sites and e-mail lures. The kits secretly send the collected data to the original developer. It's sort of a phishing pyramid scheme, where the lower levels take the risks and do the work, sending the spoils back up the chain.

Protect Yourself From Hijacking

While account hijacking is a rampant problem, it's also one of the easiest eBay scams to avoid, if you take proper precautions:

Never reply to e-mail purportedly from eBay or click on links within them, even when you are expecting them. Instead, log in to My eBay, where all genuine messages, auction activity, and your account information are directly accessible.

Log on to My eBay on a regular basis just to check your account. Since it lists all bidding, selling, and feedback, you can see at a glance if anyone has hijacked your account. (If you think your account has been hijacked, report it to the eBay Security Center. See also "Where to Report Auction Fraud" on the last page of this article.)

Never click on user-created links within auction listings, which can be phishing links that lead to phony eBay log-in pages.

Safeguard your password. Don't allow your browser to automatically enter your eBay or PayPal passwords, and don't use the same password for both eBay and PayPal.

Consider using eBay's Toolbar; the toolbar offers alerts and protection against eBay phishing sites.

Use antivirus and antispyware tools to help prevent infection by password-capturing Trojans and DNS hijacking (a trick that without your knowledge redirects your browsing so that instead of going to eBay or another site, you go to malicious pages). See our Spyware & Security Info Center for recommended products.

Fake and Misrepresented Items

Can you spot the fake?

Getting what you paid for can sometimes be a challenge on eBay, thanks to sellers of counterfeit, doctored, and evasively described items. Fake Apple iPods, counterfeit batteries, and phony SanDisk CompactFlash or SD cards are regularly up for sale on eBay. The bogus iPods will be obvious the minute you open and turn them on, but you may not recognize memory cards and batteries as knockoffs until they garble your photos or set your laptop on fire. (Image credit: eBay seller aussieram.)

Other significant problems include used hardware--which could have defects or missing pieces--that is sold as new, and sales of software that may be counterfeit, already registered, or a different or older version than buyers expect.

If you see Windows Vista Ultimate or Adobe Creative Studio 3 going for $50, it's probably not the real thing. But not all fakes are sold at low prices; many are listed in the same price range as genuine products, with photos of authentic items taken from manufacturer sites, making it almost impossible to tell something is counterfeit until you receive it.

Gray-market goods like digital cameras and camcorders are genuine but don't come with U.S. warranties. Another frequent deception is low-cost academic or OEM versions of software being misrepresented as full retail editions. You may discover the difference only when it comes time to upgrade, and you find that the serial number for your application is not eligible for an upgrade.

Any area that is a target for street counterfeits is also a big business on eBay. Designer handbags and accessories, watches, jewelry, perfume, cosmetics, DVDs, and auto parts are just some of the areas to be wary of. Tiffany sued eBay in 2005 alleging that more than 70 percent of certain jewelry items sold as "Tiffany" were actually counterfeit.

Other items may just be stolen. One eBay seller unloaded $78,000 worth of hot Harley-Davidson parts before getting caught earlier this year. He had been employed in a Harley-Davidson parts warehouse.

In the antiques and collectibles category, beware of reproductions and repaired or doctored items. Pottery chips and cracks can be repaired in a way that makes them invisible to the untrained eye, furniture and metalware may be refinished, and old stamps washed or given new perforations. A reproduction or repaired item may look fine on the surface, but it won't be worth anywhere near as much as an undoctored original when you try to sell it, as any viewer of PBS's Antiques Roadshow will tell you.

Even normal sellers typically write incomplete descriptions. For example, if you're looking for a used laptop, the description might not state whether the manual and recovery discs are included or whether the LCD screen has any dead pixels. Be sure to ask such questions or your purchase may not live up to your expectations.

Protect Yourself From Fakes

Vet the seller carefully. Read feedback comments to look for complaints of fake or misrepresented items. Beware of 1- or 3-day auctions, sellers or items that are overseas, and sellers suddenly unloading a lot of goods of a sort they have not sold in the past. Do not rely on labels like Power Seller or Square Trade. While most such sellers are honest, some scammers also have these designations. The logos provide information you can use in your overall evaluation of the seller, but they are not guarantees.

Know the products you're seeking. If you are not an expert in Tiffany lamps or costume jewelry, spotting the reproductions can be impossible. The more you know about what you are bidding on, the more likely you are to wind up with a good deal. Google is your research friend.

Ask questions. Don't bid until you know the answers. Assume nothing. Implications are just that, not guarantees. Ask for detailed photos, condition reports, return policies and shipping costs. And read every word in the listing. You are in control until the auction has ended.

Always use a credit card to pay so you can ask for a chargeback on fake items (more on this in the next section).

Consider using an online shopping comparison engine instead of eBay. While scammers advertise on shopping engines as well, you can get some peace of mind by shopping with a large company you know and trust. And shipping prices, an often-inflated cost on eBay, may be lower through Web retailers.

Payment and Bidding Fraud

Okay, you've decided to buy widget A from seller B, or sell widget X to buyer Y; now how do you assure a safe and successful transaction? Unfortunately, there are just as many bidding and payment scams out there as phishing tactics. Some favorites:

Shill bidding: Bidders in collusion with the seller bid items up artificially. They may also bid high to discover your maximum bid, then retract it and bid just below your top price, forcing you to pay more than you should. eBay's practice of hiding bidder IDs on big-ticket items--while it reduces the number of e-mail messages from scammers to bidders--also makes it harder for users to investigate other bidders and protect themselves against this practice.

Bid shielding: A ring of bidders drives up the price early in an auction to scare off other buyers, then retracts bids at the last minute, allowing a low bid to win the auction.

Fake second-chance offers: If you lose an auction, you may get a legitimate second chance to buy the product if the high bidder backs out, or if the seller has multiple items. Scammers take advantage of this phenomenon and send bogus offers to the second-highest bidder in an auction, collecting their money and not sending the product.

Switch and return: Buyers receive your genuine item, switch it with a fake, and then return it for a refund.

Stolen credit cards: Any auction can be the target of a buyer with a stolen credit card, but overseas buyers of high-ticket items asking you to ship via overnight service are almost surely scammers. They may be using a stolen credit card or a hijacked PayPal account.

Refund-the-difference scams: Buyers send you a larger check or money order than the amount of your item, and ask you to refund the difference. The odds are about 100 percent that the check is counterfeit and you will be out both your merchandise and the money you refunded.

Wire-transfer black hole: The seller requires payment via wire transfer, often to an address overseas. The odds of you actually seeing your merchandise after sending a wire transfer are slim. And eBay has eliminated its former purchase protection policy. Only PayPal still offers any form of buyer protection.

Triangulation: This combination of stolen credit card use and account hijacking scams is perhaps the most insidious of all, with three victims. A scammer takes over victim A's eBay account. He then sells victim B an expensive item and collects payment. He orders the item from a site like Amazon with a credit card stolen from victim C and has the merchandise delivered to victim B. The scammer is long gone with the money before eBay, Amazon and the credit card company start coming after victims.

Protect Yourself From Payment and Bidding Fraud

Revealing feedback.

Again, vet the seller carefully. Read all negative or neutral feedback comments. Consider the length of time the seller has been in business on eBay, and how long he or she has been selling items like the one you are interested in buying.

Never bid until the last second. Use auction sniping services like AuctionStealer.com to place your maximum bid in the last seconds of the auction. This will prevent you from being the victim of shill bidding or bid retractions designed to make you reveal your maximum bid. You'll also likely pay less, while relieving yourself of the burden of watching the auction.

Accept second-chance offers only through My eBay. Legitimate second-chance offers come through the eBay mail system, and will be displayed on My eBay as special Buy-It-Now auctions for you only.

As a seller, don't allow returns. Unless you are making your living selling on eBay and can develop safeguards, allowing returns can set you up for trouble. Make this clear up front in your auction listings.

Wait a day or two before sending your merchandise to see if PayPal reverses the buyer's payment or eBay cancels the auction, as happened to PC World's James Martin.

Always use a credit card through PayPal. Never use bank debit cards. Credit card protections are much stronger and easier to fall back on than PayPal's. A simple phone call to your credit card company is a lot easier than jumping through PayPal's hoops, which can be difficult to get through. (And the best you can hope for is $2000 protection under very specific conditions.)

Avoid sending checks. If the seller does not accept payment through PayPal, think twice about bidding. For small items from vendors with good and recent feedback, it's probably fine to send a check or money order. Do not send checks or money orders for big-ticket items or if you have any doubt at all about the seller. And never pay by Western Union or other nonbank wire transfer--eBay does not permit sellers to ask for this, but scammers still do it.

Wait for the buyer's check to clear. It's okay to accept checks and money orders for goods you are selling, but only do this if you are prepared to wait a full two weeks before shipping, and be sure to make this policy clear in your listing.

Send only to verified addresses. PayPal's address confirmation system is a good way to ensure you are sending to the owner of the account, rather than to a hijacker.

Leave feedback only after you are satisfied. If you're a buyer, never leave feedback until the transaction is completed to your satisfaction. Once you have left feedback, you lose leverage with the seller. If you're a seller, note that eBay has just changed its feedback policies so that you cannot leave negative feedback on a buyer. To resolve problems with payment, you'll need to file a complaint with PayPal, or a nonpaying bidder notice with eBay.

Where to Report Auction Fraud

If you are scammed on eBay, report it to both eBay and outside agencies--see the links listed below. The more that fraud is reported, the more likely it is that something will be done about it. The IC3 and USPS may refer your complaint to law enforcement. The other agencies compile statistics that help in making laws and setting enforcement policies.

IC3

FTC

USPS (if shipped or paid for via U.S. mail)

National Consumers League

Better Business Bureau

eBay Security Center

PayPal Security Center
