Complain about a product or service

Consumers Question eBay's Security

"Not Our Responsibility," eBay Tells BBC

By Martin H. Bosworth
ConsumerAffairs.com

December 20, 2005

eBay • Merchandise Not Received • Misrepresentation • eBay Motors • Shilling • Miscellaneous Complaints • Sellers Complaints • Defenders --- News • eBay: Where Recalled Items Live Forever • eBay Ignores Scam Victim • Class Action Against eBay • Sunday Times Reports Widespread Shill Bidding on eBay • Boston Man Charged with Hacking eBay • Consumers Question eBay's Security • Recalled Products Routinely Listed on eBay • eBay Faces Shilling Suit

Although the customers of online auction giant eBay are frequently a target of phishers and fraudsters, critics say the company turns a blind eye to the potential endangerment of its users.

In an interview with BBC's Radio Five Live, Gareth Griffiths, head of "trust and security" for eBay's operations in Britain, said that it was the responsibility of eBay customers to install proper security software, and not to click on suspicious phishing e-mails that enable fraudsters to steal users' personal information.

"It is nothing really to do with us. We provide you with tools to help yourself," said Griffiths.

Phishing scams consist of what appear to be friendly or verifiable e-mails or Web pages that ask the reader to submit their personal information.

The pages are, in fact, controlled by hackers who use Web surfers' trust of popular sites like eBay to gain access to their credit card information, addresses, Social Security numbers, and so on.

eBay's immense popularity as the world's #1 auction site makes it a prime tool for swindlers and hackers.

eBay users have been hit with phishing e-mails multiple times in recent years, including an attack in August 2005 that actually directed readers to the genuine eBay log-in page, but then redirected them to a "fake" page in order to steal their information.

Members of a UK-based identity theft ring were arrested last month for an eBay-related phishing scam that defrauded 160 people and stole nearly Ł200,000 during 2003 and 2004.

Ringleader David Levy faces four years in prison for what the presiding judge called "a persistent course of criminal conduct with a callous disregard for those who lost money".

While it's true that Web shoppers and surfers should utilize security protections such as firewalls and spyware blockers, and be smart about what e-mails they answer, it is eBay that oversees the business transactions that go on throughout its site and, under certain circumstances, it could be held responsible for criminal activity carried on by third parties through its site.

Perhaps with that in mind, eBay recently offered a toolbar extension that users add to their Web browsers to alert them if they visit a "spoof" site.

However, many consumers argue that eBay could do more when it comes to protecting the security and safety of its users.

Most of the complaints ConsumerAffairs.com receives about eBay's fraud protection and security center on its process for reporting frauds and the response time to address the issue.

Take the case of Ann from Mountain View, CA, who found out someone was using her account information without her consent.

"Someone was trying to sell a motorcycle using my username and account. Of course my eBay account was charged for the listing, and since it was a vehicle, the cost was over $30.00. I attempted to contact eBay about the issue several times, but did not receive a response."

Ann said that since she lives right around the corner from San Jose, Calif.-based eBay, "Perhaps one of their customers knocking on their door will help resolve my issue. The e-mail system does not seem to be an effective method of communication."

Then there's Melissa from Williamston, NC, who lost nearly $1,500 when she put a bid in for a kiddie pool through what she thought was a trusted eBay site.

"My question is this: How secure is eBay if someone can 'clone' their site even to the point that you can go straight into eBay's site and ask questions, contact their security, and so on? It just seems unbelievable that something as big as eBay can not and will not help you get to the bottom of this."

Some incidents are more bizarre than damaging. Just a few days ago, the ConsumerAffairs.com email administrator receive an email addressed to "consumer@consumeraffairs.com," an address that is not currently in use. It read:

Dear user: beer-mug has informed us that they have not yet received your payment for the following item: 1915 Amatuer SG Photo BATON ROUGE LA. Capitol Bldg.

The email looks quite authentic and contains numerous links to actual eBay pages. It invites the recipient to respond by logging into the My Messages section of eBay. The "Respond Now" link embedded in the email, however, goes to an address that ends in ".kr," the Internet suffix used for Korean sites.

Thus, one who responded to this email and attempted to log into his or her email account would, in fact, be giving away their eBay log-in information to what is most likely an international fraud ring.

Perhaps eBay, which had revenues of $1.1 billion in the third quarter of 2005, can't be blamed for this, although it has not gone as far as many other online sites in setting up a secure log-in that cannot readily by copied.

Bank of America, for example, uses a system that displays a unique graphic chosen by the user when the customer enters his user ID. Only if the correct graphic is displayed does the user enter his password.

Banks and brokerages are adopting similar and, in some cases, even more elaborate systems to ensure that phishers cannot easily duplicate their log-in process.

To echo Melissa's question: "How secure is eBay?"

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.