eBay School: Safety guide
As of today, I've used eBay for about five years. I have found a lot of great bargains there, but also met my share of scam-artists. So far, I haven't fallen in any of their traps, but there has been some close calls.
This lesson is not about run of the mill pitfalls such as crummy sellers, sub-standard merchandise and bogus warranties. Nor is it about counterfeit merchandise and copies. This lesson is about how you spot and avoid the crooks that use eBay (and some social engineering) to steal your money, or your identity, or both.
1. Beware of your own greed
The most important thing to remember, if you want to avoid becoming the victim of scam, is to use common sense. Most of the people that fall for scams are victims of their own greed. Face it: Nobody is selling a brand new, authentic, premium brand, highly popular item for a fraction of what such an item normally sells for. As the saying goes: If it's too good to be true, it probably is.
Fraudulent listings on eBay typically involves very expensive and much sought after items, such as expensive DSLRs (e.g. Nikon D3x normally selling for USD 7600) or lenses (e.g. Nikon 400 mm f/2.8 G ED AF-S VR normally selling for USD 8800). The scammers never own the item they offer for sale, but the description and images look plausible because they have been copied wholesale from another (legitimate) listing om eBay. The bait is a very low Buy-It-Now price, often just a 20 % of a fair price for the item. The scam is very simple: You buy the item for what you think is a bargain, the scammer dupes you into paying him, and then he disappears.
How to the scammer accomplish this? Read on to find out.
2. Beware of hijacked accounts
Usually, evaluating feedback is the best way to find out whether the person you are dealing with on eBay is trustworthy. But not always. Sometimes, the eBay account of a trustworthy person is hijacked by criminals. Read the section about phishing below to make sure that this does not happen to you.
An hijacked account will often have a most excellent Positive Feedback percentage (e.g. 100 %). However, since that percentage belongs to the real owner, not the criminal who now controls the account, it is useless. To avoid being misled by the high Positive Feedback percentage, you need to be able to recognise a hijacked account.
None the clues described below are conclusive evidence for an account being hijacked. You may come across one or two of them when looking at at legitimate auction or “Buy it now”-item. However, if you come across several of these in one auction, there are grounds for caution. Here's the list of clues:
- The item for sale is very expensive, and the auction time is very short (three days or shorter).
- The older feedback attached to the account (acquired by the real owner of the account, not the hijacker) seems to stem from buying and selling items totally unrelated to the expensive items now being offered. (E.g. expensive photographic equipment are suddenly being offered for sale by someone that whose feedback record indicates that he or she is only interested in antique snuff-boxes.)
- The older feedback is primarily in a language which is inconsistent with the sellers location (e.g. the seller is located in Russia but the older feedback is mostly in German).
- The auction page indicates that the item is located in, and will be shipped from, a country other than the country in which the seller is registered. (The hijacker may offer a creative reason for being in a foreign country.)
- The auction description is well written, while the shipping and payment details, as well as any responses to direct questions, are unnatural with poor spelling and grammar. This indicates that the description was copied from some other, legitimate auction, with the shipping and payment details added by the hijacker.
- The seller does not respond to direct questions.
- After the auction has ended, the seller informs the buyer that he is not able to receive payment by eBay-approved payment methods, often giving a creative reason. Instead, he suggests that the transaction is settled through some insecure payment method.
- There is a prominent statement on the auction page to email the seller directly, often in the form of the sentence “Please email me for the Buy It Now price”. The seller often states that email contact through the conventional eBay ask the seller a question-link can't be used, with some creative excuse.
3. Beware of transactions going “off-eBay”
While eBay users are anonymous to each others, eBay almost always knows who they are. In most cases of fraud committed through eBay, the victim do have some recourse. This, however, is not the case if an transaction initiated on eBay is completed “off-eBay”.
This means that scam-artists usually will attempt to trick their victims into going “off-eBay”. This may be as simple as the fraudster suggesting to the victim that price is negotiated and the transaction finalised through emails (often with the pretext that this will save fees). But there also exists more elaborate schemes where spoofed emails or other means are used to redirect the victim to a fake eBay website to make an “off-eBay” transaction appear to take place on eBay.
Here is how to determine that you are actually buying an item on eBay:
- Open a new browser.
- Use your own bookmarked link, or type in the exact URL of the eBay website you want to log in on (“www.ebay.com” for the US site) in the browser's web page address (URL) field. Never trust URLs sent you through email, even if the emails appear to originate from eBay.
- Click on “My eBay“ and sign in with your eBay user name and password.
- Make sure that the purchase is done while logged in on eBay by clicking the “Buy It Now”-button, or placing a bid on an auction and being the highest bidder.
- Finally, after the purchase has happened, make sure the transaction appears in your “Won/Purchased” list, and that the seller information in the end-of-auction correspondence is consistent with the auction item listing.
Completing an transaction off-eBay means that none the safeguards provided by eBay, including the eBay Buyer Protection Policy, (discussed below) apply.
4. Beware of payment options that provide little security
Most the safeguards provided by eBay can be found in the eBay Buyer Protection Policy already mentioned. For the eBay Buyer Protection Policy to apply, certain conditions surrounding the transaction must be met. Make sure you know what these are.
The two most important conditions that must be met to have an transaction covered by the eBay Buyer Protection Policy, is that the transaction must be completed on eBay and that the item must be paid for by the purchaser using the one of eBay's approved payment options. (Currently, there are three: the eBay “Pay Now” option that appears automatically at the end of an eBay purchase, an eBay-approved third-party checkout, or an eBay invoice.)
You should never pay for an item purchased on eBay using non-approved payment methods, such as MoneyGram or Western Union wire transfer, e-Gold, cashier's cheque, personal cheque, and direct bank transfer (to accounts in obscure banks in faraway places). Common to all these payments methods are that they affords little or no protection against fraud. These means for transferring funds are designed for transferring money to someone you know and trust. They have no place in business between strangers.
What characterises these types of payment is that any funds transferred are untraceable and unrecoverable after the criminal picks up the cash. Also, funds sent by most of these methods can be picked up anywhere in the world, not only where the victim thinks it was sent.
Sending a cash advance in the mail offers no protection against loss in the mail or plain fraud. Cash should only be used to settle transactions on eBay if the item is picked up by the buyer. You should of course examine the item thoroughly before you part with any cash.
5. Beware of misleading claims of buyer protection
The eBay Buyer Protection Policy discussed above is eBay's only means of offering buyer protection.
Some scam-artists, typically as an incentive to complete an transaction off-eBay, or using an insecure payment method, will make-up some fraudulent buyer protection scheme where all the restrictions that comes with the eBay Buyer Protection Policy do not apply.
To make such an invention appear real, spoofed emails supposedly sent by eBay or some third party buyer protection organisation offers the buyers various “guarantees”. These emails often assert that the seller has placed a multi-thousand dollar security deposit with the organisation as insurance against fraud, which of course is not true.
Some of names that have been used for this purpose (so far) are: eBay Courier, eBay Escrow, eBay Safety Board, eBay Security Center, eBay Trust, Mack, SecureTrade, Trade Secure, Safe Harbor, … I hope you get the idea.
(Some of the organisations named by above, such as Mack, exists and are legitimate businesses. Their names are simply misused by the criminals to create trust.)
Note that there exists a number of websites supposedly belonging to these organisations to which victims are directed. These sites usually tells the buyer that the seller is insured against fraud, and that completing a transaction off-eBay and making payment by some insecure payment method is recommended and required. However, since anyone can create a website and put whatever they will on it, you should never trust information just because you can read on the web.
6. Beware of bogus escrow agents
The scammer may also suggest that as an extra safeguard, the payment should be routed through an escrow agent. The buyer is informed that the escrow agent is an independednt an trusted third party that collects the money from the buyer and hold it until the buyer has received the product and reports to the escrow agent that he is satisfied. Only then is the money forwarded to the seller. If the seller fails to deliver, all the money will be returned safely to the buyer.
However, there exists a lot of fraudulent escrow sites that works with dishonest sellers to help them steal money. You should never trust an escrow agent just because there is a website claiming the agent is independent and trustworthy. If you want to use escrow to secure your purchase, make sure you've read and understood the information on this page. Also make sure you know enough about Internett addresses to be able to tell the difference between a real site, and a spoofed one.
7. Beware of items no longer listed on eBay
If a recent auction can no longer be found by searching for it using the item number, it indicates that eBay deleted the listing because it was determined by eBay to be fraudulent.
If you already have been in communication with the seller about the item, the seller may follow up on this contact and offer you the item off-eBay. Since it is very likely that the original listing was fraudulent, it is usually a bad idea to respond to such offers.
The same goes if you are approached by a seller you've done business with in the past, but now, according to his or her eBay profile is “no longer a registered user“. People may terminate their eBay account for many different reasons, but when the person is no longer doing business on eBay, the eBay safety measures will no longer protect you, and you need to treat any such offers with caution.
8. Beware of phishing
Phishing is a type of scam where an spoofed email falsely claiming to come from a trusted party (e.g. eBay, PayPal) dupes the user into surrendering information that can be used for identity theft, and more.
A typical phishing email may warn you that your eBay or PayPal account is about to be suspended unless you immediately log in on a specific web page to verify your credentials. Of course, once you do so, the criminals will have all the information they need to hijack your eBay or PayPal account.
Do not trust any information you receive through email. Any messages to you from eBay should appear in your eBay message box, which can be accessed once you log in directly on www.ebay.com.
In fact, you should never click on a link sent you in an email to access eBay, PayPal, a so-called buyer protection organisation or a so-called escrow site, or anything else related to eBay. A link sent you by a criminal will only take you to a spoofed site. Some of these spoofed sites may be set up steal your personal information, others may install a virus or a trojan on the your computer, or contaminate your DNS look-up to completely control your way around the web.
9. Beware of sellers requesting banking information, etc.
Related to phishing is sellers that use an eBay transaction as a pretext for extracting information that may later be used for fraudulent purposes, such as identity theft. For example, they may claim that they need your personal identification number, social security number, bank account details or credit card information in order to finalise an transaction on eBay.
This is never true. In fact, eBay is designed to allow users to carry out transactions without knowing anything about each other except the shipping destination that is obviously required in order to ship a purchased item.
If a seller requests banking information or any other personal details from you, the seller is breaking eBay rules. In that case, you should terminate all communication and report the seller to eBay's Resolution Center.