Anatomy of an (attempted) eBay fraud
I love eBay. It brings out the best and the worst in people. By creating an egalitarian community, where reputation is based upon accrued trust, trading moves away from traditional monolithic principles of centralised payment, and into a far more distributed framework.
However, this approach makes it easy for a scammer to exploit trust. Now, I'm used to the usual low-tech phishing attacks: emails informing me that I need to login to my account, offers to buy an item before the auction has ended, queries about sending goods to bizarre parts of the world, and even the use of my pictures on duplicate auctions in China! But I encountered a new approach this week when I tried to sell a laptop.
The auction itself was fairly routine; a couple of queries from folks offering to take it off my hands for a token sum, or asking if I could ship it outside of the EU, plus some legitimate questions. However, in the last seconds of the auction the incumbent highest bidder was knocked aside by a fresh bid. No problem so far.
As is my normal practice, I checked the status and history of the winning bid. Surprise, surprise: a bidder with no history at all. Closer inspection revealed that the account had only been opened on that day. Not good.
It was pretty clear to me by this point that something was up, so time to crack out the privacy-invading toolkit. The eBay invoice gave a delivery address, which a quick check on Google Earth revealed to be a three-storey residential block in west London. Then on to 192.com, which confirmed no electoral roll registration, but did provide a home phone number. I tried the number with no response.
I invoiced the buyer and soon after received a reply in very broken English, stating that they'd like to collect the laptop later in the week. I emailed back saying that I would accept cash only, no cheques/bankers drafts, and after that... all quiet.
Meanwhile, the losing bidder contacted me to say that he'd been offered a second chance bid on the laptop, with the offer purporting to be from me, and once again written by someone who doesn't speak English as their first language.
There was no way I was going to ship this item, so at this point I reported the transaction to eBay and left negative feedback with a warning in it.
My assumption is that the buyer would either a) never pay for the item but use the 'won' auction to try to sell the item again, or b) try to pay for it with a bounced cheque. Either way, they've been foiled this time.
As a curious postscript, within hours of closing the auction I received a very slick notification from eBay to congratulate me on becoming a 'Silver Power Seller'. The quality of the email was legitimate - except for the URL which was clearly another phishing site.
In the end I sold the laptop to the second highest bidder who collected it on time and paid cash - but then from his positive rating, it was clear that he would.
My biggest frustration in all this is that with a state-level identification system, where every individual can assert their credentials online (without having to reveal their actual identity), and the government underwrites it against fraud, we could have a perfect trading community on eBay. As it is, I think it'll be many years yet before we purge these muppets from trust communities, and plenty of folks will fall for these scams before that happens...
10:55:17 AM 
|
