Schneier on Security
A blog covering security and security technology.
June 19, 2009
Fraud on eBay
I expected selling my computer on eBay to be easy.
Attempt 1: I listed it. Within hours, someone bought it -- from a hacked account, as eBay notified me, cancelling the sale.
Attempt 2: I listed it again. Within hours, someone bought it, and asked me to send it to her via FedEx overnight. The buyer sent payment via PayPal immediately, and then -- near as I could tell -- immediately opened a dispute with PayPal so that the funds were put on hold. And then she sent me an e-mail saying "I paid you, now send me the computer." But PayPal was faster than she expected, I think. At the same time, I received an e-mail from PayPal saying that I might have received a payment that the account holder did not authorize, and that I shouldn't ship the item until the investigation is complete.
I'm willing to make Attempt 3, if just to see what kind of scam happens this time. But I still want to sell the computer, and I am pissed off at what is essentially a denial-of-service attack. The facts from this listing are accurate; does anyone want it? List price is over $3K. Send me e-mail.
EDITED TO ADD (6/19): It's not just me.
EDITED TO ADD (6/24): The computer is sold, to someone who reads my blog.
EDITED TO ADD (6/25): I'm not entirely sure, but it looks like the payment from the second eBay buyer has gone through PayPal. I don't trust it -- just because I can't figure out the scam doesn't mean there isn't one. And, anyway, the computer is sold.
EDITED TO ADD (7/3): For the record: despite articles to the contrary, I was not scammed on eBay. I was the victim of two scam attempts, both of which I detected and did not fall for.
Posted on June 19, 2009 at 11:55 AM
• 115 Comments
I realize Bruce is pissed but from here it's an interesting security/fraud drama unfolding. I can't wait for chapter 3!
Bruce: sign the back, and post a new blog post about "Does anyone want my personal, signed laptop". Maybe offer a personal note from Bruce on the cover. If you really want to shift the laptop, exploit the celebrity status of the only man on the planet who can encrypt something so well that Chuck Norris can't decrypt it with his fists.
...as an added geek lure, include all your crypto keys on the hard drive, encrypted, but in some obvious location.
Same thing happened to me when selling my canon digital camera. I finally managed to sell it on my 4th attempt!
Methinks this sort of ebay fraud is more commonplace than ebay would admit...
I like the idea of seeing how far this goes! Another option, though, is just using craigslist. Stuff on there tends to go pretty fast and is low on the scamming threshold (at least from the buyers' end). You do have to deal with the hassle of people coming out and looking at it, though.
This is why I stopped selling stuff on eBay, and switched to CraigsList.
Then again, the flake factor on CL is much higher.
Seriously you used all caps? Oh and why is there no mention of any meme?
How do you think Ebay is making revenue?
I used to sell full-time on eBay but it is precisely this kind of garbage that forced me to give up. It is far more common than eBay admits. If your item is more than garage-sale value it's going to be targeted like this.
As someone who hasn't sold anything on ebay, but has bought several things over the years - I would probably be wary about your listing if only because it doesn't include a real picture of the item you are selling.
Bruce, are you kidding me? The joke here is not the fraud, it's your listing. You're selling a 11.1 inch 1.33ghz USED laptop for 1.5K. Your age is really showing.
currently from dell.com i can get
-Intel® Core™ 2 Duo P7350 (3MB cache/2.0GHz/1066Mhz FSB)
-Edge-to-Edge FullHD Widescreen 16.0 inch RGBLED LCD (1920x1080) W/2.0 MP
-4GB Dual Channel DDR3 SDRAM at 1067MHz (2 Dimms)
-500GB 5400 RPM SATA Hard Drive
-ATI Mobility RADEON® HD 3670 - 512MB
for only $1,399
@Mike: he is selling a Sony, not a Dell. It is like selling a Cadillac vs a Pontiac. Same car, different price just for the brand.
@Bruce: why not ask the vendor for a refund? After all he is the one at fault.
Craigslist fraud-free? The last 5 times I've offered items on CL, I have received 8-10 responses from someone in [city in another state] who is presently leaving for [vacation|job] and would like their "shipping agent" to pick up the item, with payment by either Western Union or a cashier's check for more than I am asking, and would I be kind enough to wire the balance to [probably Nigeria], less a reasonable gratuity for my efforts. And this in spite of specifying "local and cash only" in the ad. I've actually had better luck with eBay, but I was selling off some vintage gear, not a current laptop.
While Craigslist is a neat service, there are some other threats. Most CL transactions happen in person and are therefore susceptible to physical attacks.
One student in the university I work in placed his laptop on sale on CL, someone contacted him and they agreed on a meeting place. Once the student got there, the student was beaten up by thieves and the laptop was taken away. I agree that the lesson here is to meet strangers in fairly active and crowded public places, but people normally don't think of such threats. Ebay fraud is of a different kind, but at least there is no physical harm.
@Mike: I'm assuming it's the additional 64GB Solid-State Drive that pushes the price up.
I hate Sony and I don't like Subnotebooks, but I like Bruce, so I'll offer $US 29,-- for the 320G Harddrive.
@Leetminion and Mike: The laptop he's selling is also an ultraportable, weighing in at 2.7ish pounds. Those are still on the cutting edge technology-wise, and therefore expensive.
eBay hasn't been worth the effort for years. You're better off selling it on CL or some other locally-targeted forum (I find Usenet still works for this, too). Either that or more directly use your "social network" of friends who might be in the market for such a thing.
I just give away anything worth less than $100 because it's just too much of a hassle dealing with the scams and haggling and shipping and other crap associated with an open market. I'll sell something worth $2000 for $1500 if it is a smooth, local transaction.
I gave up on eBay a long time ago. There is no punishment for buyers to scam sellers. I've had listings where the winning buyer changed their mind after the auction ended - thus making me eat the listing fees. The process to dispute this is a royal pain.
Craig's List is great- simply require a deal in cash only, in person with the buyer.
Bruce: Seriously, you need to autograph this with a big ol' sharpie. Post it again, stating that you're going to wait for the funds to clear after [reasonable time] days.
So, let's see:
- eBay is all but useless for large-ticket items because of endemic fraud.
- eBay is becoming all but useless for small sellers because of recent terms-and-conditions changes that favor large commercial sellers and are hostile to small sellers.
- PayPal, owned by eBay, is now the sole payment method allowed to be used on eBay (as I understand it).
Is there a shark in eBay's future, or did eBay jump it already?
@Hub: are you kidding me? a sony? my family have had a few of them and when performing maintenance on them i have grown to see how much of a pile of shit they are. They install all kinds of sony software shit that slows down the computer.
@L33tminion: a ssd 64gb sata on newegg is $200. not that much at all. I could add that to a new laptop and still have it be less than he is asking for
@q. even if it is 2.7 pounds. i would not pay around $1,000 over what i would normally pay for something like that for just a few pounds
A pricey used netbook infected with Vista at US$1500. No legitimate customer wants this. (Although the Vaio series is pretty neat.)
I treat eBay the same way I treat gambling and strip clubs: Never bring more than you're willing to lose.
Even if you do manage to seal the deal keep all the paperwork. PRINT OUT all the tracking info and keep it in a file for a few months. PayPal claims you can't file a dispute after 30 days but I know a couple of people who got nailed when they tossed the paperwork (after 30 days) and then a dispute was filed two months later. Since they didn't have the tracking info the money was yanked from their accounts.
Mostly I buy trinkets on eBay any more. Other stuff I do on Craigslist (bring friends and a weapon :) ) or I donate and take a tax deduction.
Speaking of which, you could always see if The HeliOS Initiative could use it...
I'm just waiting for someone from The Register to buy it and write a "tell all" about all the data they recovered from it.
I am not sure what vision eBay had for itself when it was created, I assume it was something like "We intend to be the world's leading facilitator of equitable transfer of value between remote strangers" or something similar.
Somewhere, seemingly in the last 5 years, that vision has been lost and replaced with the attitude that GM had in the '60s, McDonalds had in the '80s, and Microsoft has today; namely: "What competition? There is NO competition to US; we are IT and you will deal with US or suffer; so suck it up, pay us and get back on your heads".
And so they sit back, ignore the complaints of their customers and build up a huge backlash of badwill for when someone DOES come up with a suitable substitute. Or wind up being the first ones up against the wall when the revolution comes.
I follow LaRoch's strategy. My eBay persona revolves around the following strategy:
Selling - I sell stuff I no longer want and is mostly clutter - if it goes away and I have only spent a few $$ in mailing charges and I don't get paid - well at least it didn't end up in a land fill.
Buying - I only use PayPal - if I don't get what I want I can always cancel - I never buy anything for more than about $50 so even if it is complete junk - I chalk it up as *whatever* and move on with life.
Meh, this is just an example of the risks of one seller (usually anonymous) making a transaction with an anonymous buyer. All you've got to go on is their reputation score.
@ Unix Ronin
I feel they jumped the shark when Paypal started charging a fee based on a % of the sale instead of a set fee. The larger the sale, the more you see go down the tube even though the actual transaction isn't any different from the sale of a $1 item.
I tried selling my Apple G4 on Ebay. Someone bid on it, when I contacted them for payment, all I got back was "lol". Even when it's obviously fraud, you have to wait a long time for Ebay to refund you the 'transaction fee' (in this case 30 euros).
I ended up selling it via a local second hand site rather than ebay. I now only use ebay for buying low-value items and have stopped selling via it.
nb: I used to work for an eBay competitor. We got out of the p2p auction space because of the issues indicated above, which were more in the mid double digits of auctions instead of the fractions claimed by their site, although we were more computers/home electronics in nature.
Craig's list has been fine; we have been selling extra furniture and appliances from our previous home which was foreclosed on. If I get a real buyer (and they get obvious quickly if not), there have been no problems with cash transactions and either pick up or delivery. And I even had an out of state buyer for a bassinet, who had a local relative pay for and pick up the item.
Pricing is an interesting choice; high enough to be believable and haggleable, but not too high to discourage all inquiries. Too low, and someone will want to buy for (almost) nothing, or will decide it must be junk if you are selling that low.
Would you sign the cover?
Would you take some gold Krugerrands for that laptop?
Modern society, sorry, people will pull your chain, just for the thrill.
A tax writeoff perhaps as a contribution somewhere? Just an idea.
Somebody will buy it somewhere. Best of luck.
Don't leave us in suspense. What kind of scam did you draw on attempt #3? You're about due for a Nigerian overpayment scam.
It'd be interesting to see what would happen to ebay fraud rates if ebay used IP block bans to keep out Romania and all ISPs serving Nigeria.
Donate it and take the write-off. Unless you're doing this as research for future articles on the fundamentals necessary for trustworthy commerce.
On second thought, I take it back: don't donate it. At least not right away. Keep using it as a prop in this exploration of scammery. Also, try different ways of presenting your product: cheesy and scamlike, personal and warm/fuzzy, etc. This could turn into some really interesting Bruce Schneier stories to tell around the campfire.
You should sell the laptop (signed by you) along with signed copies of a couple of your books. You're almost guaranteed to get more for it that way, and you'll almost certainly get more interest than you would for the almost-new-but-otherwise-undistinguished laptop by itself.
And just maybe you'll get enough bids to thwart the scammers.
@ Just Kidding:
"I'm just waiting for someone from The Register to buy it and write a "tell all" about all the data they recovered from it."
Unfortunately the computer went unused, so there won't be anything interesting on it.
If I had the money I'd be more interested if it were (slightly) used too, though. Even though I can't really believe Bruce wouldn't do a secure wipe of the harddrives.
I'd buy it if I had the cash. (And if Bruce signed it. :) )
This is a pretty decent machine given its size. Netbooks are great and all, but an Atom just can't touch a Core 2 Duo.
We've got a couple of these tiny Sonys around work and they're pretty nice machines. I normally don't recommend Sony, but they're small and have gorgeous screens.
As of now, the auction is closed.
So part 3 of the "Bruce Schneier Sells a Laptop" chronicle should be arriving soon.
bruce, i'll take that lappy off your hands. i'm going to send you a check for $3500 and i'll need you to send me the difference and the laptop. let me know where to send the check.
It would probably be quite the feather in the cap of a scammer to have scammed Bruce. Even if it's a local pick up with cash, you may want to check those bills closely.
Scams seem pretty common on eBay and PayPal, but as Bruce indicates in his case here, both attempts were detected in time.
About the debate on whether Sony makes good or bad computers, the answer is: "Bruce bought one, he is not happy with it, therefore Sony makes bad computers."
Ebay is famous for saying that fraud occurs less than 0.1% of the time. While this may sound like a very small number, when you aggregate over all of their sales volume, this represents upwards of $100,000 in fraud per day. That's a lot! I am always very cautious about using this marketplace and only use it as a last resort.
I wonder if you're not charging enough for it. Could be people are assuming you're a scam because it's too cheap.
Five months ago I submitted a request to eBay to cancel my account. The reply I received was that they would stop all transactions but could not close my account for six months.
Not an issue at the time, glad I made the decision, one more month....
I agree with many others about CL. Requires caution like all things, cash in hand, very public meeting place, bring security inside and out....
If it includes all the software, research, data, writings, I might be interested...
The simplest solution is to make it a proper auction, not a Buy it Now, so the sale doesn't close just because some scammer wanted to try his luck.
The worst you'll get from a 7 day auction is messages *asking* for an early close. I've sold several laptops like this, and though a few people asked to pay by moneygram and have it shipped to Nigeria, the eventual winning bid was always genuine.
To the people who think it's expensive: It's a 13" with a low power CPU, and a 64gb SSD in addition to the 320gb spinning drive. That's a pretty good deal - especially when you have the opportunity to say you have Bruce Schneier's laptop. :)
I'm with Eric - sympathetic and fascinated. When's the next episode in this soap opera?
I have a maxim: "Never buy a laptop on eBay". I guess the corollary is "Never sell a laptop on eBay".
Sorry to say this and perhaps sabotage the sale, but don't buy Sony, my last one burnt up two main boards in 3 years.
Your price is too high. You should have an auction with a reasonable reserve price.
The best way to protect yourself is to have the auction end on a Thurs or Fri and promise to ship on Monday. Then ship with a method that allows you to recall the package.
Most importantly, only accept bids from people with reasonably positive feedback.
Are you posting these under your name, or a pseudonym? Are people just trying to con you for bragging rights, or are you saying this is a systemic problem?
Given that many blue collar criminals are moving to white collar crime and that the current economic situation will drive crime; I suspect that eBay will become a more difficult place to buy and sell without being scammed - especially on big ticket items like computers.
It won't surprise me if there are more than 3 chapters to this story...
Just imagine the T-Shirt: "I scammed Bruce Schneier!"
I used Craigslist to find a vacation apartment in Manhattan. EVERY SINGLE RESPONSE of the eight property owners I contacted was either obviously a scam ("send me the money within two days via Western Union") or set off my spider-sense - for instance, copied-and-pasted reference details between different property owners. So we're staying in a hotel because the risk of turning up to find we've been scammed is just too great.
Has anyone developed fraud proofing tutorials? I like scam school for general learning but I was thinking what to look for in bogus transactions online.
You don't need ebay (that's the specific you (as in Bruce), not the generic one).
Ebay facilitates transactions by acting as an uninterested, trusted third party. Or at least, that's what it hopes to do.
If there is trust, there is no need for ebay.
(ebay also helps to advertise, but I think in your case this blog does that well enough :-)
Offer the laptop for sale here on your blog. I'm sure you'll get plenty of people willing to trust you and send you a check. Wait for it to clear, then send them the laptop.
I'd put in a bid myself if the thing ran Linux, and if shipping it down under wouldn't double the cost......
The only thing i would sell at eBay is a live baby albino elephant. And shipping charges are on them or... i will be glad to see them personally pick up the elephant. Payment term is Pay-On-Spot.
I second your idea. Bruce should be safe by selling only to someone who's been on his mailing list for more than, say, four years or so.
But the notion of scamming him may also be irresistible....
This is exactly the sort of problem escrow services solve. The problem is finding someone trustworthy with, at least, a national reach. I kind of like the idea of seeing the US Post Office offering a new class of service called "Escrow Mail."
jrronimo: Me too!
How about a raffle? I could afford a few raffle tickets...
Who would sell a time machine on eBay for 800$'s?
In a venn diagram that would be the intersection of the set of someone who no longer wants his time machine and the set need 800$s
Set realistic price (sale price ~$1k, start price half that if it's an auction) and you might sell to a non-scammer.
Since eBay associated with Paypal, I've never understood why anyone took them seriously. Paypal is the only non-bankrupt company I can think of offhand whose reputation is worse than Microsoft's.
That laptop isn't worth $1500.
I have a 1.8 intel core duo, 2G Ram, and 2x250G HDDs
On top of that, it's got a 17" screen. Plays FPS online games just fine.
Paid ~$800 new.
Who's the dumbass that bought the laptop?
Anyone else think this would make a great reality tv show?
Watching cryptographer and computer security specialist Bruce Schneier deal with everyday situations.
I did not read through all the posts, but probably Paypal put a hold on the funds as your feedback is very low, and the computer is in a high risk fraud category. But with Ebay/Paypal, you never know. They don't tell the truth. This is not the same good old simple Ebay everyone.
I think PayPal is more to blame than eBay to be honest. I sell iTunes certificates once in awhile (because I need to repay the favor that I always buy UK cards off there because there are songs that I want that are not in our store) and it's like I always get buyers who are from a different country but have US addresses as their shipping info.
I always have to refund them because it's like, I don't know how they managed it. People know ways to get US bank accounts without being a citizen and I don't want to sell to those people because they're committing identity theft. The other thing is that these people want their money's worth NOW, so they immediately ask you for the product after payment and you know, if you're not verified, your funds get put on hold. It's always been a mess for me for that very reason.
I've tried contacting PayPal's CEO, Executive, and just everybody I could get a hold of, there is just nothing that they're willing to do.
peri ... regarding 'Escrow Mail' ...
This service has long been available: Collect On Delivery (COD). Unfortunately, it doesn't work internationally. But for the domestic U.S. market, these days you can even combine it with overnight delivery (Express Mail) or two-three day (Priority Mail). Buyer pays the Postal Service when it is delivered to them (cash or personal check). You can get delivery confirmation or even have them sign for it.
Go to usps dot com and type in COD in the search field.
Dear Ebay Bidders:
WANT TO GET FREE STUFF OFF EBAY?
Buy using PayPal. Then, after you have received the item, file a claim with PayPal and use these magic words: ''NOT AS DESCRIBED.'' PayPal will immediately HOLD the money in the seller’s account--just for you. Next, send back an empty box, for proof of return of course. After that’s done, PayPal will instantly give the buyer their money back, every time. My friends and I have claimed thousands of dollars in free stuff off eBay this way.
Also, ''NOT AS DESCRIBED'' works in cases of buyer’s remorse. It doesn’t matter if the item is described accurately, or even if the seller has a “no return” policy. PayPal is so stupid; they will refund your money back again, and again, and again. You won’t believe how easy it is. Thank you PayPal! You're a real pal.
This is not a joke. If you don’t believe me, try it and you’ll see.
@ThatiPhoneGirl: is there some reason why only US citizens should have US bank accounts? When I lived in the UK I had a bank account there, and I wasn't a citizen. I closed it after I came home, but as far as I know I didn't need to.
Actually I think the best way for Bruce Schneier to sell something on the internet would be to not represent himself there as Bruce Schneier. As has been mentioned before, who would not want to wear a shirt with "I scammed/hustled Bruce Schneier" on front and back. (And then have the schneier facts changed to "Bruce Schneier sniffs a scam before the scammer knows himself he is scamming, unless the scammer is .")
Of course, I would pay the full price, but only after I got away with not paying.
I'm amazed by this blog entry and thread.
I sell laptops on eBay, among many other things -- I run one of the largest consignment sellers in the UK.
With several thousand transactions a month, we nearly never get this sort of fraud attempted on us. Maybe it's because we're big enough to have an account manager at eBay/Paypal, but to be honest I think that has little effect on their standard procedures -- just helps us with the volume.
9 times out of 10 the buyer SNAD fraud described above is not successful either.
@bruce -- I will happily sell this laptop for you on your behalf for eBay/Paypal fees only. Just email me.
I had a very similar experience trying to sell a new notebook on eBay. The scammers really come out of the woodwork when you are selling a high value item like that and they see that you do not have lots of experience selling items on eBay. I got a good laugh reviewing the questions that I received in response to my listing.
Wow. Not sure I wanna take the time to list all the things I do and do not do, but of hundreds of sales and a decent number of purchases in the past 5-6 years, I have had one thing I disputed, and it ended up okay.
It's very easy to avoid fraudulent transactions, even selling high value electronics.
@Harry Johnston: I personally don't know whether it's legal or not, but what I do know is that you have to have a social security number and address that matches to sign up. There are guides floating around the internet showing people how to accomplish this and the form they're using is identity theft. Had $200 stolen from me and so I looked up the guy's name and address, turns out he wasn't from Vietnam. He called PayPal to get the account closed, never saw the $200 back though.
Craigslist? I used them at an inadequately secured (as opposed to my buttoned down tight machine) machine at a library to try to find a new place to stay. I now have a gmail account that gets 200+ spam email messages per week because of it. What caused it? Probably a combination of both Craigslist, and perhaps an infected computer but definitely an inadequately secured computer at the library. So I suspect this is just Bruce's attempt to emulate what us ordinary mortals go through.
RME. Bruce, either sell the machine to somebody you know at a reduced rate or donate it to some good will place. If you write me privately I can give you the name of several good will places that will accept the donation. I assume you did what I would have done to the hard drive. First, I would have converted it to have one huge ext2 (reiser may preserve something, NTFS WILL preserve something) partition and created the file system on it. Second, I would have attached it to my nix box, mounted the partition and then used my program that keeps writing small files (several megabytes) of either all zeros or pseudo randomly created bytes (your choice) until it cannot write anything more onto that partition. The program unlinks the last file after syncing it several times to prevent a file system panic. Third, I would let it sit there after it had written the files for an hour or so and then after several "sync" commands, removed all of the files. Fourth, I would umount the partition. Fifth, I would dd (data dump) a megabyte of zeros onto the start of the drive. Sixth, I would reinstall the OS with some name other than Bruce Schneier. Why is it that Windows people don't believe the machine deserves its own name? You did do all of this didn't you? If you didn't, pick the person you sell it to very carefully and be sure you know them really well. But the DoD approach of using those giant magnets they use to raise cars to degauss the disk followed by the sledge hammer treatment will work fairly well too. IOW, this is some sort of an experiment and I am trying to deduce what Bruce is up to. It isn't about just selling a laptop. I am sorry, but I have to work against the devious all the time (I am not accusing Bruce of devious but he is very intelligent just like the people I battle with) so I am pretty sure some nonlinear thinking is going on here. LOL. I just wished I had more time to discover what the experiment is about. PS: Thanks for the TwoFish cipher. I use it all the time and it works great.
How to sell on eBay
1. Require and accept Paypal only. I know they are evil but it keeps most of the scammers away.
2. Do NOT use Buy-It-Now. Scammers don't want to wait or run the risk of losing an auction. Make it a proper 3 or 5 or 7 day auction.
3. Ship only to the US (and say so in your auction listing) This greatly reduces the International scammers.
4. Wait at least six hours (preferably 24) after receiving your Paypal before shipping. For high value items use FedEx or UPS who can stop shipment even after you have shipped it in case something goes wrong with the payment.
I sell shit on eBay all the time, and while I have had several attempts I have yet to get scammed. I find it much much easier to buy postage online and drop stuff off at my 24-hour local post office than to try to arrange a face to face meeting with a shady character I've never met and only exchanged emails with.
eBay does have its problems but if you have half a brain and use some common sense you won't get scammed.
So let's say you are selling a PC and get a scam purchaser asking you to send it to Nigeria. Given the volume of scamming that appears to originate there, is it entirely unlikely that the PC you send will be used to perform further scamming?
In short, is there anyone out there who wishes they could have a few minutes alone with a scammer's and/or spammer's PC? Surely you savvy white-hat coder types could plant something on it before shipping.
All that would do is target one person. If you're going to the trouble of creating and unleashing a white-hat "welware" (opposite of "malware"), it would be much simpler to spread it virally on the intertubes than by putting it on a single machine and shipping it to Nigeria.
Anyone intending to use a public computer (like hhhobbit at a library above; or as I did last month in a hotel lobby) should boot off a known clean disk.
This link provides an .iso you can download and make into your own boot disk (or boot thumbdrive). It basically boots a "small" linux with a browser and practically nothing else. If you are interested it's at (well, in truth it's there whether you are interested or not): http://spi.dod.mil/lipose.htm
I learnt my lesson on ebay a year ago.
Don't bother to sell things that are more than $100 .. you are likely to lose money.
1. Paypal policy of putting hold on money hurts sellers and protects paypal only.
2. Ebay's filters of "new users" are useless. You can't block a 0 FB user from bidding, by the time they get a -1 - you are down $200! Ebay surely doesn't want newcomers to be blocked by it.
3. There is more sophistication to this - some buyers have high FB rating and if you look closely more than 90% of their rating are "mutual" with a few other names - sure sign of scam that EBay can stop but won't.
It's not for nothing they call it a fleebay.
Well I mean "fleabay" .. but "flee-bay" works too!
Bruce, what's ironic about your situation is that you were acting as seller and paypal considers computers a high risk category and has a policy where they can do payment holds and even credit report. Seems to me that they do no preventative action to protect the sellers from the bad operating buyers.
My last 5 or 6 attempts to sell on ebay have gone the same way. I've finally given up on the damnable site. Speakers, computer parts, systems, and so on. My last 2 auctions included the caution that it would take me 3 days to ship after receiving payment, and when winners contacted me to make payment and I responded "I will be able to ship [today+3]" they just stopped correspondence.
Had I the money, I'd offer to buy the laptop. I'm in the market for an upgrade, but lack funds.
I guess I'm just lucky. I've sold on eBay for ten years and shipped to people in Russia, Belarus, Turkey, Greece, and I think every western European country; never a problem. But I don't deal in electronic items; that may explain the difference. I also never use Buy it Now; always seven-day auctions.
If the newspapers did a mashable with eBay it might help save the newspaper business and eBay. Classifieds continue to decline and now eBay is in decline. Newspaper people are good at flushing out fraud, so there's a built-in security function.
eBay and PayPal are major fellation experts. I signed up for an online panhandling site; the owner of the site hid the full terms and agreements on a second page. I was unaware that I'd be billed a second time, which caused me to be overdrawn, so I refused to pay and closed my account. I was basically told tough feces by PayPal when I told them what happened; now my account is still locked 4 years down the line. As Rick Marcinko would say, doom on you, eBay.
I have a similar story as your Attempt #2 that was "unusual" but seemed so legit that my usual cynicism failed me and I shipped off a MacBook Air before the PayPal dispute halted my transfer to a real account.
Thanks to FedEx intercepting delivery, I got it back. Sharing this story among friends, I've heard a few stories that eBay is internally panicked about how pervasive the problem has become.
I've found both eBay and Craigslist to be absolutely useless for selling any electronics. Every 'bidder/buyer' is a scammer, wanting me to send the phone to Nigeria (oh yeah, that's going to happen) and/or sending fake PayPal mails showing a 'payment is pending'. I've given up; if I want to sell something that uses electricity, it's local only.
Neither seems to be all that great anymore. The last time I tried to sell something on CL, I got one semi-legit response and half a dozen scammers. eBay ended up working out better, though I still had to wade through a bunch of crap. eBay needs to police accounts better or someone will come along and beat them at their own game.
@Hans: eBay is scared? They act more like they're AFK. It seems to me they are just sitting back collecting fees and smirking behind their hands that people are having to list over and over and over (fees all the way down). They know it will lead to their demise - they just want to milk the market for all it's worth during the remainder of the time suckers are willing to trust them, while incurring absolute minimal costs (for example if they had customer service, that could be a cost).
Bruce - here's your chance; set up a "validBay.com" auction site where people have to register similar to a PKI class 3 CA to bid and class 4 to sell. BT could initiate this, they'd have the rep needed to give the site authenticity while starting up. Plus they could have TV ads where the girls had cute British accents, Americans go nuts for that.
P.S. for those not-in-the-know, AFK is a WoW term (Away From Keyboard). It means lazy people who enter a "battleground" (specific team oriented combat arena where superior equipment can be earned) and then they walk away from their PC. They come back and have been awarded credit for whatever the working members of the team did while they were away, even though by taking up limited slots they decreased the performance of the team, possibly turning a win into a loss. Essentially leeches, parasites.
LOL at "for those not-in-the-know, AFK is a WoW term (Away From Keyboard)".
I was messing around in MUGs in the mid-late 90s and AFK was old terminology even then. Ah, you young people that think you invented everything. :)
eBay Belgium is now allowing members to validate their accounts using the Belgian electronic id card. So validated users have "signed" their account using the certificate + PIN. This of course doesn't cut back on hijacked accounts but it at least shows the account really belongs to whoever they claim to be.
Bob: The library wouldn't allow me to do that (boot to a mini-Linux) or I would have done it. I was using their machines, not mine. According to them it violated security and it was BIOS password protected to prevent changing the boot order. Removing the battery would have got me kicked out of the library. I didn't even have to ask - they had it all on a posted sign. But if you ask me, any email address on eBay, Craig's List or any place else like that makes your email address a spam target. At the time I just didn't have many options. Are you going to give it try number three Bruce? I finally decided you did this to force us all to examine the risks in all of this. Good job. I liked everybody's comments because they forced me to think about it and I learned some things. I am pretty sure that unlike the disk from Northrop Grumman that I saw on a PBS program last night Schneier's is (was?) using full disk encryption. The Northrop Grumman disk was totally unencrypted. It didn't even have encrypted files on the drive! They made the point on the program really well though. For disks with sensitive information, out came the sledge hammer. It is cheap, efficient, fast, and gets the job done. I threw in the degaussing as a red herring. But it is faster than a disk wiper program. My version of wiping it is faster than the Windows way of doing it and I have only done it twice, both times on a disk I either sold or gave to others. I am still baffled how that disk from Northrop made it all the way onto another side of the planet though. Moral - take great care in how you dispose of old hardware. For us mere mortals (a not so well known blocker is a mere mortal), SR gets the nod for the best way to proceed from a human standpoint. Just make sure the drive has been thoroughly wiped if you intend to sell it or give it away. If you have been using full disk encryption it is probably good enough to just shove that one MB of zeros onto the start of the drive.
Bye bye file system, boot information and any nasties in the boot sector of the drive. Even if you have been using full disk encryption. I still favor blowing it all away and starting fresh. It is also a great way to undo the damage of a malware infested machine (what I am accustomed to hearing people complain about). The problem is most mere mortals don't have a Windows OS install CD. Now what do we do for them? Suggestion - install one of the freebie versions of Linux and let the buyer worry about it.
Laptops seem to be a scam-magnet. When I recently had two desktops and a laptop that I wanted to sell, I posted them on Craigslist. Both desktops got inquiries only from normal people actually interested in purchasing them -- but the laptop had scammer after scammer wanting to buy it sight unseen and wanting me to ship it to their son/daughter/niece/nephew on a work-study program in Nigeria.
I started selling on eBay in April 2000. It was a terrific service until about two years ago. Now, with fraud, eBay's abusive policies, requiring the use of PayPal (an unlicensed bank who can screw you over) and all the Chinese PowerSellers, it has been ruined. I haven't gone on there in months and unless there are HUGE changes I will never sell on eBay again.
And the management doesn't care.
The simplest solution seems to be the following:
1) Use a proper auction without "Buy It Now". If necessary, use a sufficiently high starting bid or reserve price in order to ensure it won't sell for less than you're willing to part with it for.
2) Only allow pre-approved bids/bidders. (I'm pretty sure eBay does allow that; I've seen it on high-profile auctions before that would otherwise get flooded with joke bids.)
But yeah, generally, I'd agree - I occasionally buy things on eBay, but I'd never attempt to sell anything there.
I managed to sell a locked 8GB iPhone 3G for about $500 on eBay.
But, to be frank, my method was pretty much hit-or-miss: I had a friend on the phone 'cause I couldn't be in front of the computer, and he had to use his judgement to add suspicious bidders to a block list, and remove their bid as fast as possible so as not to discourage legitimate buyers.
That is, bidders with very low transaction count/registered date were the primary target, as well as those with seemingly random user names. I'm sure we left out some legitimate buyers this way, but it was the only way I felt it was possible to sell a high-ticket item on eBay.
I previously tried with a used laptop, but couldn't sell it for the same reasons. I ended up using the laptop until its death.
eBay not only is of little help when it comes to fighting spam and fraud, but they actually don't refund the listing fee in case you have been the victim of a scam attempt, which can be pretty high if you want all options.
That's really dishonest.
Don't really know what to do to curb account hijacking; I already use a long password with letters, numerals and special characters, but that may not be enough.
Well guys, I run a site called eBuster that exposed fraud on eBay and documents eBay's response, and in the past two weeks I've had to move the site due to a DMCA notice; the FBI wants a word with me because I host a copy of a fake login page eBay failed to remove, but it's really eBuster's phishing attack, so eBay seems to be saying.
Far be it from me to say it's dirty tricks from eBay to close a critic down, but if you care about freedom of speech then keep an eye on the site and if it's down then you know eBay has succeeded.
Together we can fight crime :)
In my experience it's always most productive to use a marketplace where the sellers and buyers are most familiar with the products being offered.
eBay, while hugely famous, and just plain huge, is not that place. For example, you don't sell a 1964 Ferrari on eBay, you use Barrett-Jackson.
For computers I like to use a well-trafficked trading board that's part of a "geek culture" website. The buyers know a good product when they see it, and the sellers typically are offering useful goods that have been well cared for.
Find the marketplace specific to your item, whatever it is, and you'll have few headaches, in my experience.
nb- the autograph idea is great!
I do freelance copy writing and often, on these job websites, there are people looking for "virgin" eBay accounts. Presumably those that aren't tainted with previous bad behavior. How do people get away with this?
Very funny juxtaposition. Bruce proclaims that "eBay is completely broken" for selling laptops after two failed attempts (corroborated by the five failures of the 'consumerist').
But just above in the same blog Bruce chastises a newspaper for announcing that co-sleeping kills 20 babies, without examining the denominator: how many babies are not killed by co-sleeping? So, how many laptops are sold on eBay without incident?
eBay has been broken for a long time. You can't even trust people with seemingly good track records. There are plenty of people selling positive feedback.
Here's an example of one of the people selling positive feedback for 6 pence.
If there is to be a reputation system then it needs to be based on the amount being spent. Reputation being awarded by feedback should vary, with users making larger purchases having greater reputation to offer.
It wouldn't do away with the problem of hacked accounts, but it would go some way to restoring the feedback system.
Surely the lady who made the attempted scam in the second sale would have been successful if she had waited until she had received the laptop before reversing the PayPal payment? As a frequent seller on eBay it now alarms me that every payment I receive by PayPal can apparently be reversed with no (or only minimal) analysis by PayPal of whether the reversal is fraudulent on the part of the buyer. This has only happened to me once, and it was on a 30 GBP item so it didn't bankrupt me, but my feeling of outrage still endures (I was sent a fraudulent payment and PayPal reversed it after I had sent the item, so I lost the money. But why should I be penalised because someone defrauded me via a banking service that I was forced to use? In a response that I thought must be a joke, PayPal recommended that I 'contact the buyer and ask that they return the item'. On what planet are they living if they think fraudsters are likely to return goods to the people they have defrauded?). I would dearly like to be able not to offer PayPal, but eBay has made it compulsory - presumably to reassure buyers. I read an article in (I think) The Economist recently, pointing out that what sets eBay apart (and makes people put up with their TERRIBLE customer service) is the fact that they are almost unique amongst online sale sites in having lots of buyers. Many, many sites have lots of sellers, but very few have lots of buyers, and ergo eBay values their buyers way above their sellers. I do both, and I have to report that the selling experience is considerably worse than the buying one. I am in the process of shifting my sales to my own websites because I am so appalled at the way they treat sellers, but I share the regret of others that it has gone this way - I have been a seller since 2000, and until about 2007 it was a fantastic way to sell. No more though - and it's not the scammers that are the problem for me; it's eBay itself.
The comment above pointing out that their arrogance is similar to that of GM, Microsoft et al, when they were in a virtual monopoly position, seems to me to be right on the money. To quote Roland 'Tiny' Rowland, eBay seem at the moment to be 'the unacceptable face of capitalism'.
Oops, sorry - I think it was Roland 'Tiny' Rowland who *was* 'the unacceptable face of capitalism'!
Their proactive security measures have really been scoring some black eyes lately too... Johnny Long with the Hackers for Charity mess. And, they reported me to the FBI for a screenshot I have up of a phishing email. Seriously: http://www.ghettowebmaster.com/legal/...
My daughter posted her laptop on eBay. A person from Nigeria bid and paid for it on PayPal last night, wants her to ship it to Nigeria. Any thoughts?
DON'T SHIP IT! The chances of having a legit sale to Nigeria are a million to one.
I blocked most of LACNIC, China and all of Afrinic at a former job. Our business was regional and we received nothing but spam from Asia, South America, and Africa. I can't imagine accepting traffic from Afrinic unless it was somehow a business requirement.
The fraud on eBay is now a lot less than a few years ago, so I am a bit surprised at your experience, but unfortunately it still does exist. There is a way to limit who bids on your auctions. When you are doing your listing, look for the buttons that say "who can bid on my auctions" and click all three to make it restrictive. This will restrict new buyers and those with bad feedback.
Sell on ebay skip McGrath
I'm just trying to sell 2 hard drives. I specify the USA only. I've had bids from Armenia... bids from folks with ratings from different people who've used the same phrase... bids from army folks in Iraq... bids from new accounts w/zero ratings. Selling computer gear brings out the FUH-REAKS!!!