Fraudsters go Phishing on eBay
15th October, 2004
Internet fraudsters are using the eBay web site to solicit payments from successful auction bidders. The fraudsters make use of eBay's system for sending questions to any user who is selling items, enticing those users to pay for a recently completed auction on which they placed bids, or making them a "second chance" offer on an auction they lost.
Traditional eBay frauds have involved using a compromised eBay account to sell nonexistent items and collect payment through instant cash transfer services such as Western Union or MoneyGram. Now the fraudsters are widening their reach by requesting payment for items sold by other users, which is much easier than attempting to compromise a user's account.
The fraudsters make the scam look more plausible by setting up a number of illicit eBay user accounts. One of these accounts is used to sell items, which are then instantly purchased for a small price by the remaining accounts. Trust on eBay is typically gauged by the amount of positive feedback left for a user, and this method allows a reasonable level of positive feedback to be generated in a matter of minutes.
The fraudsters use their eBay accounts to search for high value auctions that have recently ended. The bid history page for an individual auction contains a set of hyperlinks to each bidder, allowing the fraudster to see if any of the bidders are currently selling any items of their own. The fraudster can then embed their request for payment within a question about one of the items being sold by the bidder.
This type of fraud shows more potential for success than traditional phishing attacks, as it is time-sensitive. Winning bidders are more likely to succumb to such frauds when they are expecting to receive an email demanding payment shortly after the auction ends. Temporal phishing is something we expect to see more of, as it is easy to achieve both manually and on a massive automated scale.
A variation of this scam is to send a bidder a "second chance" offer at winning an auction which ended a week or more ago. This uses an email which pretends the real winner has backed out of the auction, and so the item is being offered to one of the other bidders at a lower price. Many experienced eBay users have never received a second chance offer before, so the unfamiliarity with the system - coupled with the fact that a number of weeks may have passed - makes this appear to be an equally effective method.
A more advanced version of the scam operates over a much longer time period. A large number of users are monitored to see if they have any items for sale, and carefully crafted questions are automatically sent in the hope that some users will reply. Unless each user explicitly chooses to hide their email address in the reply, this supplies the fraudster with a list of email addresses belonging to real eBay users. When one of these users is seen to win an auction, the fraudster can then send an email which looks exactly like an eBay invoice. This is the most effective method because it is less traceable and the email does not need to contain the warning header that is included in questions sent via the eBay web site.