July 26, 2017

Penny Deals, Bots Power eBay Scammers

Automation allows a criminal to quickly establish a new eBay profile, purchase a bunch of one-cent items, and have those profiles populated with lots of positive feedback.

Penny Deals, Bots Power eBay Scammers
Penny Deals, Bots Power eBay Scammers

Say hello to the feedback scam. The InformationWeek report on security firm Fortinet’s discovery of the bot-powered scam does the one thing that can truly damage user trust in eBay: artificially inflating positive feedback scores.

Feedback is how eBay users police themselves. It takes time to earn a modest amount of positive feedback, which will only be given to those who live up to their auctions. A profile with minimal feedback advertising a pricey item for sale will likely be avoided by regular eBay users, unless they avail themselves of an escrow payment service.

Now positive feedback is available for a price, just a penny per entry. With sellers of one-cent items using bots to manage those sales, the scammer can quickly set up a bunch of new accounts, use bots to make those one-cent purchases, and reap the automated positive feedback generated by the sellers’ bots.

Not many bidders on a choice electronic item will look much more deeply than the feedback received. Buyers can view the auctions that the seller participated in from the feedback window, and see if a bunch of one-cent items were purchased, but only if those auctions are less that 30 days old.

Guillaume Lovet, a researcher with Fortinet, did note in his research some typical similarities with these pumped-up profiles:

(T)he same striking pattern is repeated over pages and pages: most user names are made of six to eight random letters and bear around 15 evaluations. Having a look at these profiles reveal that they’ve bought roughly the same items – all for 1 cent.

Those bots tend to purchase the same items, and receive the same standard feedback from each seller bot. Lovet likewise commented on this:

In a nutshell: Two bots are talking. And doing business.

This is a good example of a “cyber” symbiotic phenomenon (aka a win-win situation): sellers are making cash without doing anything, and scammers owning the fake accounts are building positive feedback, again, while sleeping, watching porn, or chatting on IRC – and only for a fistful of bucks.

Indeed, With that 1 cent rate, building 100 accounts with 15 positive feedbacks each cost $15. And 100 accounts are a reasonably solid base to set up a good deal of bogus auctions.

Caveat emptor.


Add to Del.icio.us | Digg | Yahoo! My Web | Furl

Get all the updates in RSS:

About David Utter 902 Articles
David Utter is a business and technology writer for SecurityProNews and WebProNews.