• On TechRepublic: Five reasons why Windows Vista failed

March 8, 2007 11:06 AM PST

eBay CEO: Phishers threaten user trust

By Anne Broache
Staff Writer, CNET News

  • Print
Related Stories

PayPal to offer password key fobs to users

 January 11, 2007

Tech titans lobby for national consumer privacy laws

 June 20, 2006

British man jailed for eBay phishing fraud

 November 1, 2005

eBay: Let's wait and see on tighter security

 May 4, 2005

Microsoft, eBay join antiphishing initiative

 February 14, 2005

eBay fights back against phishers

 January 4, 2005

Fraud lingers despite eBay efforts

 June 28, 2002

eBay CEO toasts Comdex crowd

 November 14, 2001

eBay's Whitman: Net has lots of fight left

 March 14, 2001

CEO Whitman looks overseas, ponders peer-to-peer

 August 17, 2000
WASHINGTON--eBay chief Meg Whitman said on Thursday that phishers pose one of the biggest threats to the customer trust that has sustained the auction giant.

Speaking at the Visa Security Summit here, Whitman said her company has been developing fraud models aimed at detecting unauthorized account access and hires experts around the globe to help law enforcement find criminals. But she said additional safeguards and educational campaigns are necessary to prevent consumers from falling prey to phony requests for their sensitive information--or simply getting annoyed and canceling their eBay accounts.

Meg Whitman Meg Whitman

"We...need to plug the holes in the system and make it next to impossible for fraudsters to reach our users," she said. "We need to make this so hard for the bad guys that ultimately they determine it's not worth their time to reach our customers anymore."

According to security researcher Michael Sutton, eBay and Paypal are the two most common brands targeted by phishers--together accounting for more than half of all phishing activity.

Whitman outlined three major steps that her company is taking to prevent users from succumbing to the phony e-mails and Web sites.

To start, eBay and its alternative payment subsidiary Paypal have worked with Microsoft to develop a blacklist of fake sites that look and feel like those companies' products but are actually used to glean personal information for illicit purposes. Microsoft's Internet Explorer 7 is capable of filtering out those and other phishing sites, Whitman said. She urged other browsers to follow suit.

eBay and Paypal are also currently signing all of their e-mails with "domain key signing," which Whitman described as "the equivalent of putting a signature in the form of encryption on each legitimate e-mail that leaves our system." She said the firms are urging major e-mail and Internet service providers to allow only those e-mails containing that unique signature to pass through their systems.

Finally, Whitman pointed to the recent availability of a Paypal key fob that generates a unique security code, to be used in combination with the user's password, every 30 seconds.

The eBay chief, who took the CEO helm in 1998, began her speech by reflecting on the days when auction buyers still paid for their purchases primarily via check, money order or even cash sent through postal mail.

"Can you imagine running your Internet business today and relying completely on paper money or checks?" she said to the crowd.

When Whitman joined the company, 8 percent of its merchandise consisted of Beanie Baby collectible toys, but it is now selling diamond rings every three minutes, cars every minute, and digital cameras every 30 seconds, she said. By the end of 2006, the site had 222 million registered users.

The success of big-ticket item sales rides on customer trust built through eBay's combination of user feedback tools and cooperation with major credit card issuers, Whitman said.

"We wouldn't have a $6 billion business today if we had not been able to work trust into that system," she said. "I know from my own experience at eBay that building and maintaining trust with customers is much easier than trying to get it back once it's lost."

CNET News.com's Joris Evers contributed to this report.

See more CNET content tagged:
Meg Whitman, eBay Inc., PayPal, phishing, payment

Add a Comment (Log in or register) 20 comments
Other concerns
by alegr March 8, 2007 1:34 PM PST
See readers' discussion on http://redtape.msnbc.com/2007/03/how_far_has_vla.html about what appears to be bigger problem of ebay.
Reply to this comment
Other concerns
by alegr March 8, 2007 1:34 PM PST
See readers' discussion on http://redtape.msnbc.com/2007/03/how_far_has_vla.html about what appears to be bigger problem of ebay.
Reply to this comment
Use common sense
by rsawyer_01 March 8, 2007 1:50 PM PST
All people have to do it read ebays and paypal scam faqs and they will easily find out that all they have to do is forward a copy of the email to either company.

Both ebay and Paypal will never tell you that they are going to close you account unless you use it. I have left my ebay account inactive for months(almost a year) at a time, thus same for my paypal account.

Just remember to use common logic when reading emails, and usually if its in the junk folder it is there for a reason.
Reply to this comment
Use common sense
by rsawyer_01 March 8, 2007 1:50 PM PST
All people have to do it read ebays and paypal scam faqs and they will easily find out that all they have to do is forward a copy of the email to either company.

Both ebay and Paypal will never tell you that they are going to close you account unless you use it. I have left my ebay account inactive for months(almost a year) at a time, thus same for my paypal account.

Just remember to use common logic when reading emails, and usually if its in the junk folder it is there for a reason.
Reply to this comment
Interesting attempt at Phishing
by skh1 March 8, 2007 3:27 PM PST
I recently received an email purportly from PayPal that appeared to be an invoice for a transaction I never made. It was an excellent copy of the type of email you get from PayPal when you make a purchase through them. Of course, it provided a link to click to dispute the charge because surely this must be some kind of "mistake". If I had followed that link, I would undoubtedly have had to submit my password to "log in" to my account. I forwarded it to PayPal instead who confirmed it was a phish. It was very plausible and I imagine someone could be easily fooled.
Reply to this comment
Check the properties on the link
by pmarshall March 9, 2007 11:03 AM PST
If you have any suspicions about an email, right click on any links and view the properties. Phishing attacks will generally have a convincing sounding link, but the underlying url won't match (it usually would point to a yahoo or other free account). This is always a dead giveaway. Sometimes they get smart and will mix in real urls with fake so if you only check one you get a false sense of security. I advise checking the actual address of any link before clicking into it.
Interesting attempt at Phishing
by skh1 March 8, 2007 3:27 PM PST
I recently received an email purportly from PayPal that appeared to be an invoice for a transaction I never made. It was an excellent copy of the type of email you get from PayPal when you make a purchase through them. Of course, it provided a link to click to dispute the charge because surely this must be some kind of "mistake". If I had followed that link, I would undoubtedly have had to submit my password to "log in" to my account. I forwarded it to PayPal instead who confirmed it was a phish. It was very plausible and I imagine someone could be easily fooled.
Reply to this comment
Check the properties on the link
by pmarshall March 9, 2007 11:03 AM PST
If you have any suspicions about an email, right click on any links and view the properties. Phishing attacks will generally have a convincing sounding link, but the underlying url won't match (it usually would point to a yahoo or other free account). This is always a dead giveaway. Sometimes they get smart and will mix in real urls with fake so if you only check one you get a false sense of security. I advise checking the actual address of any link before clicking into it.
I think not
by hunkyboi69 March 8, 2007 7:22 PM PST
Ebay dont really give a toss about security and user safety as long as it isnt affecting their profits.

They cant even stop spam being sent over their own system for christ's sake, the excuses I have had from them are completely pitiful.

The easiest way to stop all the conning that goes on on that pathetic auction site is for them to check every listing, as it is listed.

Even if you ask them to remove items because they violate their terms they take days to remove them.

Ebay need to learn, and fast.
Reply to this comment
I think not
by hunkyboi69 March 8, 2007 7:22 PM PST
Ebay dont really give a toss about security and user safety as long as it isnt affecting their profits.

They cant even stop spam being sent over their own system for christ's sake, the excuses I have had from them are completely pitiful.

The easiest way to stop all the conning that goes on on that pathetic auction site is for them to check every listing, as it is listed.

Even if you ask them to remove items because they violate their terms they take days to remove them.

Ebay need to learn, and fast.
Reply to this comment
eBay is the Worst site on the Internet at stopping Phishers!
by 99BlueGT March 9, 2007 6:09 AM PST
Ebay and PayPal are the worst at stopping Phishers. The phisher email I get from these site's is scary. The information that they have and the timely nature of the emails is very sophisticated. Just 2 weeks ago I order tickets on Ebay. My first Ebay transaction is over 6 months. Two days latter the phishers started again! They new my transaction date!
This article should be: this is the most unsuccessful implementation of anti-phishing on the internet. It's only attempt is to counter a class action lawsuit by showing a small effort on there part.
Reply to this comment
eBay is the Worst site on the Internet at stopping Phishers!
by 99BlueGT March 9, 2007 6:09 AM PST
Ebay and PayPal are the worst at stopping Phishers. The phisher email I get from these site's is scary. The information that they have and the timely nature of the emails is very sophisticated. Just 2 weeks ago I order tickets on Ebay. My first Ebay transaction is over 6 months. Two days latter the phishers started again! They new my transaction date!
This article should be: this is the most unsuccessful implementation of anti-phishing on the internet. It's only attempt is to counter a class action lawsuit by showing a small effort on there part.
Reply to this comment
The assault continues on Ebay
by lonewolf1234 March 9, 2007 6:46 AM PST
Check out these links. After you view them you will never do business on ebay, unless you like being scammed.

http://www.ebaymotorssucks.com/index1.htm

http://www.medved.net/cgi-bin/cal.exe?EIND
Reply to this comment
The assault continues on Ebay
by lonewolf1234 March 9, 2007 6:46 AM PST
Check out these links. After you view them you will never do business on ebay, unless you like being scammed.

http://www.ebaymotorssucks.com/index1.htm

http://www.medved.net/cgi-bin/cal.exe?EIND
Reply to this comment
Focus on Real, forget about fake
by howiem March 9, 2007 6:47 PM PST
I see a lot of user complaints about Ebay here, but not much indication that those complaining are taking precautions to protect themselves. After all, it's only their money. If users would bookmark (add to favorites) the REAL sites where they conduct financial transactions, and ONLY used the bookmark (favorite) to access those web sites, they wouldn't have to worry about going to a fake web site and would not get phished. Users should never access a site where their money is at risk by clicking on anything but the bookmark (favorite). Stop clicking links in email, on unknown web sites and in instant messengers to access your bank, Ebay or Paypal. Use the bookmark and navigate within the site to do your business. If you don't know the real URL for Ebay get a verification (anti-phishing) tool like the one from SiteAdvisor.com, and do some homework to be sure you have the real site, then bookmark it. Pick up the phone and call if necessary. Then bookmark the site. And don't forget to change the default password on your router so you don't get pharmed.
If you go to the legitimate site you won't get phished. Ebay and the banks should be giving this advice to their customers, and tell their users to focus on REAL, not worry about Fake.
Reply to this comment
Focus on Real, forget about fake
by howiem March 9, 2007 6:47 PM PST
I see a lot of user complaints about Ebay here, but not much indication that those complaining are taking precautions to protect themselves. After all, it's only their money. If users would bookmark (add to favorites) the REAL sites where they conduct financial transactions, and ONLY used the bookmark (favorite) to access those web sites, they wouldn't have to worry about going to a fake web site and would not get phished. Users should never access a site where their money is at risk by clicking on anything but the bookmark (favorite). Stop clicking links in email, on unknown web sites and in instant messengers to access your bank, Ebay or Paypal. Use the bookmark and navigate within the site to do your business. If you don't know the real URL for Ebay get a verification (anti-phishing) tool like the one from SiteAdvisor.com, and do some homework to be sure you have the real site, then bookmark it. Pick up the phone and call if necessary. Then bookmark the site. And don't forget to change the default password on your router so you don't get pharmed.
If you go to the legitimate site you won't get phished. Ebay and the banks should be giving this advice to their customers, and tell their users to focus on REAL, not worry about Fake.
Reply to this comment
Duhhh... another lame excuse for an article...
by wbenton March 10, 2007 7:13 AM PST
Tell the public something they don't know... reporting the known isn's news!!!

FWIW
Reply to this comment
Duhhh... another lame excuse for an article...
by wbenton March 10, 2007 7:13 AM PST
Tell the public something they don't know... reporting the known isn's news!!!

FWIW
Reply to this comment
Ebay Has Become A Swamp of Scammers
by jwall March 19, 2007 10:08 AM PDT
If you try to sell a high-ticket item, you will have to negotiate a swamp of phishers, scammers and assorted lowlife. I've been a member for years and it has gotten ridiculous. There is nothing you can do to prevent a scammer from winning your auction using a stolen identity. Do not send any merchandise until payment is received by your bank.
Reply to this comment
Ebay Has Become A Swamp of Scammers
by jwall March 19, 2007 10:08 AM PDT
If you try to sell a high-ticket item, you will have to negotiate a swamp of phishers, scammers and assorted lowlife. I've been a member for years and it has gotten ridiculous. There is nothing you can do to prevent a scammer from winning your auction using a stolen identity. Do not send any merchandise until payment is received by your bank.
Reply to this comment
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

eBay (6.21%) 0.76 12.99
Dow Jones Industrials (2.74%) 223.09 8,372.18
S&P 500 (3.32%) 27.11 843.32
NASDAQ (3.16%) 44.13 1,442.20
CNET TECH (3.50%) 35.52 1,049.72
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
Latest news
Business tech
Green tech
Wireless
Security
Media
Popular topics
Apple iPhone
Apple iPod
CES
Cell phones
Dell
GPS
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET