Watchdog group urges TradeMe to improve security
Press release – issued by the ScamBusters
Issued 25th
March 2007- “Scam Awareness Month”
Watchdog group urges TradeMe to improve security
Internet watchdog group ScamBusters today issued an urgent appeal for New Zealand’s biggest online auction site to improve its security procedures.
“A group of professional criminals based in Romania are targeting the site heavily at the moment” says spokesman Alf West, and it’s the increasing sophistication of these scams that worries the group.
“These guys are good,” says West. “They’re career criminals who specialise in online auction scams. They’ve sent out thousands of phishing emails which has led to the hijacking of some very established user accounts. West warns that the mass hacking of accounts is a new development which first began last year. “This has now reached serious proportions with new accounts being compromised on a daily basis”, he says.
ScamBuster Peter Andersen has been collating the hijacked accounts and auctions. He advises that so far 526 TradeMe user accounts have been identified as being hacked in the past twelve months alone. The scammers have used these accounts and a handful of new ones to run more than 1,850 fraudulent auctions. “They’ve offered over 94,000 individual items for sale”, he claims, “none of which exist.”
“The increasing social engineering skills demonstrated by these phishes are a serious concern” says Andersen.
The scammers post auctions for high value items like laptops and cellphones and almost always include an email address. “We need to make the point that these guys are not running auctions at all” says West. “They’re using TradeMe to gain email contact with potential victims.” He claims that while TradeMe eventually remove the fraudulent listings, the scammer’s email address is often visible for up to 24 hours at a time. ”For a 24/7 business that’s simply not good enough” he says.
Those who make contact with the scammers believe they are dealing with a New Zealander and normally receive an email saying something like, `I’m in London on business at the moment.’ The prices are tempting and victims are persuaded to send money via Western Union or other forms of money transfer“.
ScamBusters advises that this wave of phishing emails, account hijackings and associated scam listings are a continuation of the Romanian criminal activities that have dogged TradeMe for the last four years. And the group claim that TradeMe’s own system is helping the scammers.
“Once an account has been hijacked the scammer has access to that user’s last 45 days of trading history, including the email addresses of everyone he’s sold items to. The Romanians appear to be using that information to build their database of valid TradeMe users’ addresses. This results in another round of phishing emails, more hijacked accounts and more fraudulent auctions” says West. “Our research shows that the problem is increasing exponentially.”
“TradeMe have always been reluctant to publicly acknowledge scams on their site,” says West. “That’s the reason we formed ScamBusters back in 2003.”
“But a 24 hour business like TradeMe needs 24 hour security. We’re hoping that Fairfax will start to take this issue seriously. TradeMe needs to make Address Verification mandatory for all users who want to sell goods on the site and it needs to beef up its internal security system to identify account hijackings.”
“We’d like them to make their members aware of the type of scams that are happening right under their noses and to be more proactive in locking these people out.”
With around 3,000 members spread throughout New Zealand, the ScamBusters operate online forums where their members can report and discuss scams in progress. They often make email contact with the scammers to profile their methods.
Details of the hacked accounts, the type of goods offered and the contact details used by the scammers is available in the members section of the ScamBusters’ forum. www.scambusters.co.nz/forum
= =
=
ENDS