How to Buy and Sell on eBay Scam-Free

Ebay, Scam-Free

Avoiding eBay scams largely boils down to performing due diligence on your transaction partners and potential purchases, and being extremely careful about auction-related e-mail messages and payments.

Most eBay fraud falls into one of three broad categories, all of which affect both buyers and sellers:

Account hijackings: Criminals take over accounts with good feedback and use them to buy merchandise with stolen credit cards or to sell big-ticket items that are never delivered. 

Counterfeit, doctored, or misrepresented merchandise: Bogus products can be very hard to spot. Buyers end up paying more than an item is worth, and sellers of genuine goods can't compete on price.

Payment fraud: An endless variety of credit card, wire transfer, and bogus money-order scams cheat buyers and sellers alike out of both money and merchandise.

Account Hijacking

This is the biggest and most dangerous problem on eBay. Through phishing messages and bogus links in auctions, scammers get hold of your eBay password, which they can then use to take over your account and buy or sell with near impunity, leaving you holding the bag for transactions you had nothing to do with.

Common and highly effective phishing scams include sending e-mail messages that mimic those you are already used to receiving from eBay's mail system, such as questions from buyers, bid notices, and after-auction invoices. When the unsuspecting recipient clicks on a link in these messages (usually purporting to be the item page), it takes them to a phony eBay log-in page instead, where their account information is then captured. The malicious site may also be programmed to install a Trojan or keystroke tracker on the user's computer, which can then be used to capture other passwords as well, such as to PayPal or banking sites. (Besides the image above, go to Bustathief.com for more examples of eBay phishing lures.)

Scammers work fast with hijacked accounts, listing popular high-cost items like computers, iPods, and plasma TVs in one- or three-day auctions. After collecting the money, often sent to overseas accounts, they disappear, leaving the legitimate account holder to deal with irate buyers, possible police investigations, and a ruined feedback rating that may have taken years to build up.

The flip side of this scam is using the pirated account to buy a load of valuable and easily fenced items with a stolen credit card. In this case, the true account holder has to deal with angry sellers who are out both their merchandise and their money.

The latest twist on hijacking fraud: phishing pros are now selling kits that novice scammers can use to set up their own phishing sites and e-mail lures. The kits secretly send the collected data to the original developer. It's sort of a phishing pyramid scheme, where the lower levels take the risks and do the work, sending the spoils back up the chain.

Protect Yourself From Hijacking

While account hijacking is a rampant problem, it's also one of the easiest eBay scams to avoid, if you take proper precautions:

Never reply to e-mail purportedly from eBay or click on links within them, even when you are expecting them. Instead, log in to My eBay, where all genuine messages, auction activity, and your account information are directly accessible.

Log on to My eBay on a regular basis just to check your account. Since it lists all bidding, selling, and feedback, you can see at a glance if anyone has hijacked your account. (If you think your account has been hijacked, report it to the eBay Security Center. See also "Where to Report Auction Fraud" on the last page of this article.)

Never click on user-created links within auction listings, which can be phishing links that lead to phony eBay log-in pages.

Safeguard your password. Don't allow your browser to automatically enter your eBay or PayPal passwords, and don't use the same password for both eBay and PayPal.

Consider using eBay's Toolbar; the toolbar offers alerts and protection against eBay phishing sites.

Use antivirus and antispyware tools to help prevent infection by password-capturing Trojans and DNS hijacking (a trick that without your knowledge redirects your browsing so that instead of going to eBay or another site, you go to malicious pages). See our Spyware & Security Info Center for recommended products.