Fighting malware and spam

eBay to roll out anti-phishing improvement

Member ID protection to go global after localised testing.

Online auctionhouse eBay is to roll out a system designed to reduce fraud from spammers and phishers to its core North American sites, after initial trials on eBay Motors, and later UK and Australian branches of eBay, were shown to be effective. The 'Safeguarding Member IDs' (SMI) system aims to reduce bidders' exposure to phishing attempts by concealing bidder identities in high-value auctions.

The normal system, wherein all bidders on an item can be checked out freely, is designed to minimise 'shill' bidding - a seller boosting their profits by placing bids themselves or through fake accounts. Such practices are banned by eBay, but for higher-value auctions will in future be defended against via other methods, as the exposure of bidder details grants easy targets to phishers sending spoofed 'Second Chance' auction notices, or even offers of private, off-list sales. The changes to the system, with bidders identified only by aliases, will be rolled out later this week to the main eBay.com site, as well as eBay Canada, and will affect auctions reaching over US$200 (or CA$220).

'eBay, and its online payments subsidiary PayPal, are well known as hugely popular targets for phishing, with most email users accustomed to deleting a handful of requests for account details on a weekly if not daily basis,' said John Hawes, Technical Consultant at Virus Bulletin. 'Big spenders are obviously prime targets for these scammers. We do see fairly frequent offers of second chances to buy items we've never thought of wanting spammed out at random, so this won't entirely stop this type of phishing, but any effort to protect users and keep down the fraud has to be a good thing.'

eBay's announcement of the decision is posted on its announcement board, here.

10 January 2007

Tags: