web smart
TRANSCRIPT
WEB SMARTThe Safe Online Shopping Guide 2006
Everyone’s doing it
CONTENTS
Welcome To eBay!
How Can I Shop Safely Online?
How Can I Get To Know The Seller?
What Is PayPal?
What Is Buyer Protection?
Case Study: Buyer Protection
Why Should I Complete My Trade On The Site?
Case Study: Outside EBay Purchase
Quick Tips: eBay Australia Safe Trading Tips
Quick Tips: What Should I Do If Something Goes Wrong?
What Is Identity Theft And How Can I Avoid It?
Case Study: ID Theft
What Is Phishing, Spoofi ng And Spyware?
How Do I Identify A Phishing Email?
How Can I Avoid Being A Victim Of Phishing, Spoofi ng And Spyware?
Case Study: Account Takeover
Where Can I Turn If My Identity Is Stolen?
Quick Tips: Combating Phishing And Account Security
How Can I Secure My Computer At Home?
Where Else Can I Turn For Advice?
Quick Tips: How To Buy A Car Safely On eBay Motors Australia
Eight essentials to remember about online shopping
2
4
6
8
10
12
13
16
18
20
26
28
30
32
34
36
38
40
42
46
48
back cover
The three most
important sections
in this book are titled
Quick Tips and include
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1
2
3
Hi, my name is Alastair MacGibbon, and I head up eBay’s Trust & Safety team in Australia and New Zealand.
An important part of my role is informing consumers of the choices they should make about safe online shopping. That’s why we’ve prepared this guide, to help you be safe when transacting online, to answer the questions you might have about safe online shopping and to allay any concerns.
More than ever before, Australians are shopping online. A large reason for this boom is consumers feel more confi dent about transacting online. In May 2006 eBay conducted a comprehensive survey1 of the Australian internet population to understand their trust and safety needs. According to our survey, three out of four regular internet users in Australia believe online shopping is becoming safer, a 10% increase in the 18 months since we last asked that question2.
My own experience here at eBay has been that the overwhelming majority of transactions are trouble-free and in the rare instances when things go wrong, simple actions by shoppers can prevent most of the problems.
Shopping safely online requires the same level of common sense and caution as shopping safely offl ine. This guide shows you what to look for and how to act. You can also fi nd this guide on eBay.com.au in the Security Centre.
Alastair MacGibbonTrust & Safety DirectoreBay Australia and New Zealand
WELCOME TO EBAY!
1 Survey conducted by Sweeney Research, May 2006. Study no. 05157.2 Survey conducted by Sweeney Research, October 2004. Study no. 14240.
r MacGibbonTrust & Safety Director
2
Alastair MacGibbon is a leading Australian authority on internet crime and safety solutions. Prior to joining eBay, Alastair spent 15 years as a federal agent in the Australian Federal Police working both in Australia and overseas. He was the founding director of the Australian High Tech Crime Centre (AHTCC), the national law-enforcement body charged with the responsibility of coordinating Australia’s efforts in combating serious crime involving technology.
3
The precautions we take every day when we visit our local shopping centre are so familiar to us that we no longer think about them.
These precautions include:
NEVER leaving your purse or wallet in an unattended shopping trolley
NEVER revealing your personal identification number (PIN) at a checkout
NEVER carrying large amounts of cash in your purse or wallet
NEVER letting your credit card out of sight after it has been handed over for payment
Similarly, when online, shoppers need to take sensible precautions when buying goods.Follow this easy checklist each time you shop online:
READ and understand safe trading guidelines provided by the site you are shopping on
HOW CAN I SHOP SAFELY ONLINE?
4
KNOW your seller Review their online reputation (ie eBay feedback), previous sales and comments by other shoppers who have bought from themUnderstand the eBay Member Profile (see pages 6-7)Read the item description carefullyAsk the seller questions if you need more information Look for and understand the seller’s refund and return policies
CHECK you are covered with buyer protection programs (see page 10 for more information)
USE secure payment methodsTake precautions when providing anyone with your bank account or credit card details. Entering these details on several different merchant websites increases the likelihood of your personal information being misused Pay smart by using PayPal to avoid your bank account or credit card details being shared with others (see page 8)
NEVER use wire transfer services such as Western Union or MoneyGram – these services are not designed for online shopping and offer no protection when things go wrong
RETAIN copies of all correspondence and communication from your purchase, in case of a dispute (see pages 20-25 for more information)
EXERCISE common sense. If an offer sounds suspicious or too good to be true, it probably is
KNOW your rights. Consumers have the same legal protections online as they do offline If an offer sounds too good to be true, it probably is
5
HOW CAN I GET TO KNOW THE SELLER?
Review the seller’s Feedback Rating – this is their online reputation. Click on feedback to view the sellers member profile
Check pictures and descriptions closely
Review the seller’s other items to assess the overall quality and type of items they usually trade
Ask the seller questions if you need more information
Check to see if the item is covered by PayPal Buyer Protection4 or if buying a car check for Vehicle Purchase Protection
4 The PayPal Buyer Protection Program is subject to the terms and conditions in PayPal’s User Agreement
1.
2.
3.
1.
2.
2.
3.
4.
5.
4.
5.
Check the listing
6
Review the seller’s Feedback Rating – this is their online reputation
The positive, neutral and negative comments provided by other members of the eBay community help customers evaluate a seller’s previous trading history and gain an understanding of their reputation
Review the seller’s other items to assess the overall quality and type of items they usually trade
Review the seller’s trading history, which shows items bought and sold over the past 90 days
Contact the seller
6.6.
7.
8.
10.
7. 9.
7.
8.
9.
10.
Check the member profi le:
7
Many of the concerns about online shopping, such as misuse or theft of personal and fi nancial information (see page 30), have been resolved by secure online payment services. PayPal (www.PayPal.com.au) is an online payment company owned by eBay which allows users to shop without sharing sensitive fi nancial information. PayPal has over 105 million accounts worldwide and is available in 55 markets. It launched in Australia in January 2005 and a year later had almost two million Australian users.
Why use PayPal?
PayPal makes online purchases safer and is more convenient than entering sensitive credit card or bank account data into each website you visit. This is because your financial information is never shared
To register with PayPal, you need only provide your account information once. It is stored on PayPal’s secure, highly encrypted server and is never shared with a seller or merchant
The only information shared with a seller when paying with PayPal is your name, email address and delivery address. You can elect not to inform the seller of your delivery address if you are paying for an item/service which does not require physical delivery
WHAT IS PAYPAL?*
* The PayPal service is provided by PayPal Australia Pty Limited ABN 93 111 195 389 as authorised representative of PayPal, Inc ARBN 111 900 906 (AFSL No. 283443). You should consider the Product Disclosure Statement (available at https://www.PayPal.com.au) and whether the product is appropriate for you before deciding to use it.
1.
2.
3.delivery address. You can elect not to inform the seller of your delivery address if you are paying for an
m/service which does not require physical delivery
8
4.
5.
6.
If PayPal users fall victim to a phishing email (see page 30), the company can make a payment to the user for their loss.
PayPal uses state-of-the-art systems and technologies to monitor account activity and employs a dedicated team of investigators who work directly with law-enforcement agencies to locate and prosecute online criminals
In Australia PayPal is regulated by the Australian Prudential Regulatory Authority, the Australian Securities and Investments Commission and the Australian Transaction Reports and Analysis Centre. PayPal also works closely with the Banking and Financial Services Ombudsman
Sending payments via PayPal allows you to shop online without sharing your bank account and credit card details with others
9
5 Conditions apply. The PayPal Buyer Protection Program is subject to the terms and conditions in PayPal’s User Agreement.
PayPal The Buyer Protection Program may provide coverage against loss of up to $1,500 on qualifi ed eBay.com.au transactions5 . This program protects eBay buyers against non-delivery of items as well as items that are signifi cantly different to their eBay listing descriptions. eBay sellers who qualify to offer PayPal Buyer Protection have at least a feedback score of 50 with a rating that is 98% positive.
eBay also has a Buyer Protection Program where members may be eligible for a payment of up to $375 if an item does not arrive or if it is signifi cantly not as described. The eBay Security Centre (www.eBay.com.au/securitycentre) is the one-stop shop for information about the eBay and PayPal Buyer Protection programs and safe shopping in the eBay marketplace.
Credit card users may be covered under their credit card’s chargeback facility. Check with your credit card supplier for more information.
WHAT IS BUYER PROTECTION?
10
Before buying online, check to make sure you are covered
6 Terms and conditions apply. Vehicle Purchase Protection insurance only applies to the purchase of an eligible vehicle by an eligible purchaser. Buyers must agree to the terms and conditions to make a claim.
Escrow. When purchasing high-value items (such as jewellery, artwork or expensive electronics), use a reputable escrow service, particularly for large amounts not covered by either the eBay ($375) or PayPal ($1,500) Buyer Protection programs. An escrow service holds a buyer’s money in trust until such time as the buyer has the opportunity to receive, inspect and approve the goods. eBay recommends the use of a reputable escrow service such as Escrow Australia (www.escrowaustralia.com). Do not use an escrow service recommended by the seller without fi rst checking they are legitimate.
Vehicle Purchase Protection. When purchasing a car on eBay, check that it is covered by eBay’s Vehicle Purchase Protection6 – it can provide up to $20,000 of coverage in the unlikely event something goes wrong (see www.ebay.com.au/vpp.html for more information).
11
Sharon Taylor In 2005, antiques enthusiast Sharon Taylor purchased a rare Royal Albert Old English Rose tea set on eBay.com.au. Unable to fi nd the tea set in Australia, Sharon was happy to purchase the item from a seller located in England for £250 (approx AU$610).
Four weeks after sending payment through PayPal, Sharon had not received the tea set and began to worry. She contacted the seller, who claimed to have mailed the item. Not satisfi ed with that explanation, Sharon decided to contact PayPal and lodge a complaint. With the seller unable to prove he had posted the item to the buyer’s address, PayPal found Sharon eligible for a payment of the full £250.
Sharon was relieved to fi nd that by using PayPal to purchase the tea set, she was protected by the PayPal Buyer Protection Program and able to conveniently recover her money. “There were no problems with the resolution process. Now I will only ever make a purchase using PayPal,” says Sharon. “If a seller doesn’t offer it as a payment option I don’t buy from them.”
Confi dent in the security of the eBay website and PayPal Buyer Protection, Sharon continues to shop online and recently purchased a $500 tea set from the US to add to her collection.
CASE STUDY
BUYER PROTECTION
12
A common tactic employed by criminals when attempting online fraud is to entice shoppers to make a purchase directly from them instead of the website they are shopping on. Think of it as if you were looking at purchasing a TV in a department store and someone in the store tapped you on the shoulder offering a bargain TV if you paid them upfront and picked the item up from them in a laneway the next day.
In eBay’s case, criminals will typically attempt fraud using a combination of a fake Second Chance Offer, payment via instant money transfer (such as Western Union or MoneyGram), a price which seems too good to be true and an urgent call to “purchase immediately or risk missing out”.
By luring shoppers off eBay, away from eBay’s monitoring of the marketplace, criminals leave their victims exposed. This is because off-site transactions are not covered under eBay’s or PayPal’s Buyer Protection Programs.
To avoid getting caught out:
Never trade off eBay. Ensure that you are the winning bidder or buyer onsite when the listing ends
WHY SHOULD I COMPLETE MY TRADE ON THE SITE?
13
Check My Messages to see if you receive any emails with a Second Chance Offer for an item you recently failed to win. To be sure it is authentic, the My Messages email must be titled “eBay Second Chance Offer for Item...” My Messages can be viewed in My eBay
If an offer sounds too good to be true, it probably is. With millions of items available online, there will always be other options
Never pay via Western Union, MoneyGram or other instant money transfer payment methods
Remember, eBay is a marketplace that brings buyers and sellers together: it does not hold items sold on the site, nor does it keep any money as a bond for sellers. In addition, eBay will not write to you to confirm the seller has sent the goods
14
- Example of FAKE second chance offer
Criminals will typically attempt fraud using a combination of:
Fake Second Chance Offer
Payment via instant money transfer (such as Western Union or MoneyGram)
A price which seems too good to be true and a call to “purchase immediately or risk missing out”
Treat Second Chance Offers with suspicion and never pay with Western Union
15
Zoe BuhagiarZoe Buhagiar was a fi rst-time shopper on eBay when she bid on a pair of designer sunglasses. She really liked the sunglasses and decided to make an offer to the seller of the maximum amount she was prepared to spend so long as they ended the auction early. The seller accepted the offer and asked Zoe to continue the deal directly through email and phone calls rather than using eBay’s standard procedures, which enable buyers to complete their purchase on the eBay website.
Zoe paid for the glasses by direct deposit but they arrived damaged with the lenses loose and two screws missing. She then went back to the seller, who agreed to fi x them at no additional charge and the situation was ultimately resolved.
Zoe now realises that she was lucky not to have had a worse experience. “I thought this negotiation was normal as I’d never been on eBay before,” she says. “I now know that as long as I complete the transaction through eBay I can be covered by a range of protective measures such as eBay or PayPal Buyer Protection.”
Although she experienced no loss, from now on Zoe will always ensure that she is the winning bidder or buyer on eBay before proceeding with the purchase. “I now always check feedback carefully, only communicate with my trading partner through eBay and always pay using PayPal.”
CASE STUDY
OUTSIDE EBAY PURCHASE
16
Get to know your sellerReview the seller’s Feedback Rating – this is their online reputation. The positive, neutral and negative comments provided by other members of the eBay community help customers evaluate a seller’s previous trading history and gain an understanding of their reputationCheck pictures and descriptions closely and review the seller’s other items to assess the overall quality/type of items they usually tradeAsk the seller questions if you need more information
Pay smart! Use PayPal.com.au, an online payment service that keeps your account information hidden from the seller. PayPal’s Buyer Protection Program may cover qualified transactions on eBay.com.au up to $1,500 where an item has been purchased using PayPal and was not received or was significantly not as describedDo NOT use Western Union, MoneyGram or similar cash and instant wire transfer systems
EBAY AUSTRALIA SAFE TRADING TIPS
QUICK TIPS
18
When purchasing high-value items (jewellery, artwork, laptops, etc…)Use a reputable escrow service, particularly for large amounts not covered by either the eBay ($375) or PayPal ($1,500) Buyer Protection programs. An escrow service holds a buyer’s money in trust until the buyer has had the opportunity to receive, inspect and approve the goodseBay recommends the use of a reputable escrow service, such as www.escrowaustralia.com.auBe wary of using an escrow service suggested by the seller
Follow eBay’s safe trading guidelineseBay’s online Security Centre is packed with useful safe shopping tips and information. Visit www.eBay.com.au/securitycentre
Don’t trade off eBay.com.auMake sure you are the successful bidder on eBay when the item is completedBe wary of any Second Chance Offers you might receive, especially if they request payment through an instant wire service such as Western Union or MoneyGram
19
The following advice can assist if you have paid for an item on eBay and it hasn’t arrived or it arrived but is signifi cantly different to its original description on eBay. eBay Customer Service also has dedicated Live Help instant chat services which can assist in these instances.
For item not received or significantly not as described go to www.ebay.com.au/INRprocess and click on the Live Help link
For Buyer Protection Claim inquiries go to www.ebay.com.au/BPclaim and click on the Live Help link
Problem: I purchased an item on eBay and it hasn’t arrived in the mailSolution: Check the listing
Review the seller’s terms of sale, item description, postage and payment terms.
Have you allowed enough time for the seller to receive and confi rm payment? Have you read the seller’s postage terms?
WHAT SHOULD I DO IF SOMETHING GOES WRONG?
QUICK TIPS
1.
2.
20
There are many reasons why delivery may take longer than you expect, for example:Postage and customs for international transactions can take time. Additionally, international bank transfers can take up to 14 days to completeMedia mail shipments (containing items such as books, videotapes, DVDs, etc) may take significantly longer than other postage methods
Some items may be custom-made or assembled before posting, which may cause delays.
Tip: Check Preferences in My eBay to make sure your delivery address is correct.
Problem: I’ve checked the listing and am sure the item should be here by nowSolution: Contact the seller
Most issues between a buyer and seller can be resolved through open communication. You can contact any eBay seller by clicking on the Ask seller a question link available on all items listed on the site. This feature allows you to send an email to a seller.
Alternatively:Click the My eBay button at the top of any pageClick the Won link in the left columnClick the item. To contact the seller, click the Ask seller a question link
In addition, the End of Auction email that eBay sends you after you have won the item also contains the seller’s email address.
Problem: I cannot fi nd the seller’s contact details in the manner suggested or the seller does not respond when I use Ask seller a questionSolution: Obtain the seller’s contact details from eBay
1.2.3.
21
eBay can provide you with contact details of any member with whom you are transacting including their name, telephone number and city. Remember, in order to obtain this information about another member, you have to be already involved in a transaction with them.
To request a seller’s contact information visit: www.ebay.com.au/sellercontact
Tip: Check your email spam fi lters for messages from the seller. It’s possible that the seller is trying to email you but your spam fi lters are blocking their messages.
Tip: Check your own contact details are up to date. Go to My Account in My eBay and click on Personal Information. Make sure your email address is correct.
Problem: I have contacted the seller and they have refused to offer a refund or they do not want to resolve this situationSolution: Open an online dispute with the seller
EBAY ONLINE DISPUTEIf you are in any doubt about or are not happy with your negotiations with the seller, open a dispute. You can open a dispute between 10 and 60 days after the transaction date (the date when the buyer commits to buying the item and the seller commits to selling it).
To open online disputes go to: www.ebay.com.au/onlinedispute
Alternatively use the Item Not Received Live Chat service at www.ebay.com.au/INRprocess where you can communicate with an eBay customer service representative via an instant messaging service.
22
PAYPAL ONLINE DISPUTEIf you have paid using PayPal, open a PayPal dispute. Buyers have up to 45 days from the date of payment to open a dispute and up to 20 days after fi ling the dispute to escalate to a claim (disputes not escalated to a claim after 20 days will be automatically closed).
To open a dispute, please follow these steps: Log into your account at www.PayPal.com/au
Select the Resolution Center tabClick File a disputeEnter or select the PayPal transaction ID for the transaction you would like to disputeReview the transaction information and select a reason for opening the disputeEnter in the details of the transaction and initiate communication with the seller in the Compose Message to Seller box
Problem: The dispute was not resolved to my satisfactionSolution: File a claim for buyer protection and leave feedback for the seller
If the dispute process was not resolved to your satisfaction, you may be entitled to lodge a claim in order to receive a buyer protection program payment. You can lodge a claim through the online dispute process described above.
Items purchased on eBay.com.au using PayPal may be covered under the PayPal Buyer Protection Program, which can cover qualifi ed transactions up to $1,500. If PayPal wasn’t used, eBay also has a buyer protection program where members can be eligible for a payment of up to $375.
Don’t forget to leave feedback. An eBay member’s feedback is their online reputation. While it may not be appropriate to leave negative feedback at the start of a dispute, it is proper to do so once negotiations have failed. This helps inform others in the eBay community that they may also encounter the problems you did with the same seller. To leave feedback, go to My eBay and click on Feedback (under My Account).
1.2.3.4.5.6.
23
Problem: eBay informs me that I undertook a transaction outside of the eBay siteSolution: Provide those offsite transaction details to eBay
Find out more information about these transactions and report them on the Item Bought Outside of eBay form, which can be found at: www.ebay.com.au/offebay
Problem: I have followed all of this advice and I still believe that I have been the victim of fraudSolution: Contact police/consumer affairs agency in the area where you believe the seller resides
Criminal matters should be investigated in the jurisdiction where the suspect was located at the time of the alleged offence.
If you are unable to contact police in that jurisdiction, your local police station will be able to provide you with contact details.
If you believe the matter involves a business you should also contact your state consumer affairs agency.
Make sure that when you do speak with police or the relevant consumer affairs agency that you are able to provide:
Copies of emails between yourself and the sellerAny records of the transactionThe seller’s eBay IDAny names by which the seller is knownAny mailing addresses, phone numbers and email addressesThe seller’s bank account (bank, account name, BSB and number) - if you paid via this methodOther means of payment involvedThe eBay item number for the listing/s in question (this is available in the top right-hand corner of all listings)
24
ChecklistTo resolve an issue with an eBay purchase, use the following checklist along with the previous information:
Attempted to contact seller using Ask seller a question
Obtained seller’s contact details from eBay
Opened an online dispute
Left feedback
Directed to Item Bought Outside of eBay form (if appropriate)
25
WHAT IS IDENTITY THEFT AND HOW CAN I AVOID IT?
Identity theft is the act of stealing personal or fi nancial information for criminal purposes, usually fi nancial gain. Identity theft affects consumers at home, at work, in shopping centres and on the internet.
Stolen credit cards, credit card numbers and bank account numbers allow a criminal to access existing credit cards and bank accounts. They also may assist criminals in opening new accounts that will be charged to the victim or to obtain other proof of identity documents.
Opportunities for the offl ine identity thief are many:
RUBBISH that contains discarded mail or paperwork with account information, or statements highlighting credit limits and/or savings
MISLAID personal property such as a wallet or purse that contains receipts with account information and various forms of identification
STOLEN property such as business records, files, letters stolen from your letterbox or other items that contain your personal details
SKIMMING of credit cards when not in the presence of the cardholder
26
To help prevent identity theft, consumers should be vigilant. Tick the following boxes to see how many precautions you take:
LOCK your mailbox and collect your mail every day
SHRED potentially sensitive information such as unneeded tax records and bank or credit card statements, instead of just throwing them out
REFUSE to give out personal financial information to unknown callers or salespeople over the phone, on the internet or in person
CARRY only the credit cards that you need on a regular basis and never carry PINs or passwords in a wallet or purse along with the cards they activate
CHECK your credit card statements (and any other statements such as telephone, electricity and gas)
REGISTER for electronic statements for banking and credit card accounts. These can be viewed any time of day or night to monitor against fraudulent use and eliminate the need for paper statements, which can be stolen
KEEP sight of your credit card when paying
SIGN new or renewed credit cards immediately
CLOSE bank and credit card accounts that you are not using
ORDER a credit report regularly and review it to ensure it is accurate
LOCK away sensitive personal information in a secure filing cabinet at home
CONTACT your bank, credit agency or any card issuer (such as Medicare, the RTA, etc) immediately if cards are lost or stolen
Protecting your identity offl ine is just as important as protecting it online
27
Lex GraberIn 2003, Lex Graber received a call from his bank notifying him of a suspicious transaction on his credit card involving an online expenditure of US$3,500. Having never purchased from the US, Lex confi rmed the spending as a fraudulent transaction and the bank immediately cancelled his credit card.
Following the incident, Lex made practical adjustments to improve security when trading online. He opened a credit card with a $500 limit and only transfers additional funds if a purchase exceeds the threshold. Alternative precautions include using PayPal for all his online purchases and carefully monitoring his emails for spoofs.
Three years down the track, Lex has gone on to build a successful eBay store, Graber Bargain, where he handles thousands of transactions a month. “Buyers and sellers can enjoy their online shopping experience if they assume a duty of care,” he says. “You must be vigilant. Check who you’re dealing with and ensure you have all the necessary information about the product.”
CASE STUDY
ID THEFT
28
When thieves on the internet go fi shing for sensitive information to commit identity theft, it’s called phishing (pronounced fi shing). Phishing is, as it implies, an attempt by scammers to trawl the sea of online consumers in the hope of netting unsuspecting victims.
The way it typically works is like this: identity thieves send a massive number of generic emails (also known as “spam”) asking recipients to update account information for their banks, credit cards, online payment services or popular shopping sites.
Sometimes these emails appear to have been sent from a legitimate company such as a bank, eBay or PayPal. The fraudster hides behind these credible sources in a practice called spoofi ng, which goes hand in hand with phishing. The email will often convey a sense of urgency and may assert that the recipient’s account information has expired, been overcharged, compromised or lost and that the account holder needs to contact the company immediately. Phishing emails often contain links to an offi cial-looking website to “assist” this contact. Other times, emails ask the recipient to download and submit an electronic form.
ID THEFT ONLINE
WHAT IS PHISHING, SPOOFING AND SPYWARE?
30
Sometimes malicious software, known as spyware, is hidden in email attachments or on the phoney websites to which victims are directed. Once on a victim’s computer this software may allow the criminal to see what is being typed on the victim’s keyboard and to locate sensitive information stored on their computer, such as internet banking login names and passwords.
Many phishing emails appear very convincing. Some commentators suggest that between one and fi ve percent of recipients respond to phishing emails and an even larger number of people cannot tell the difference between a fraudulent and a real email from an institution.
Phishing has only one purpose: to obtain personal information such as account user names, passwords, credit card numbers, bank account details and other personal data such as date of birth, phone numbers and addresses so that criminals can profi t. Criminals continue to phish because it is profi table even if a small fraction of the recipients respond: it is an inexpensive crime to attempt and to repeat regularly.
31
Make no mistake – it is diffi cult to detect fraudulent emails. Phishers have become increasingly sophisticated in their techniques and technology. However, there are certain red fl ags internet users should look for that are common to many spoof emails:
HOW DO I IDENTIFY A PHISHING EMAIL?
- Example of phishing email
32
1.
2.
3.
4.
5.
URGENCY/THREATS TO ACCOUNTS. Some spoof emails declare that the recipient’s account has been billed or is in jeopardy and that authenticating information is required to keep the account from being closed, suspended, billed or restricted.
LOST INFORMATION. Consumers should be wary of claims that a company is “updating” its files or accounts. Companies such as banks, PayPal and eBay are not likely to lose account information.
PERSONAL INFORMATION REQUESTS. Requests for a recipient to enter sensitive personal information such as a user ID, password or bank account details by clicking on a link or completing an email form should be treated with suspicion, even if the link takes you to a site that looks official.
SENDER’S ADDRESS. Email recipients should not rely on the sender’s email address to validate the true origin of the email. The “From” field of emails can be easily altered to disguise the true sender.
LINKS that appear to connect to a particular site may be forged. Always open up a new browser window and manually type in the website address.
Treat with suspicion any email asking foraccount names, passwords or fi nancial informationaccount names passwords or financial infoaccount names, passwords or fi nancial information
33
HOW CAN I AVOID BEING A VICTIM OF PHISHING, SPOOFING AND SPYWARE?
The likelihood of online identity theft working can be greatly reduced by following a few simple rules. Tick the following boxes to see how many of precautions you take:
PROTECT your computer with up-to-date anti-virus/anti-spam/anti-spyware software and firewall protection (see pages 42-43)
USE the most current versions of browsers and operating systems
CHOOSE secure passwords to protect your accounts Don’t use passwords that can be guessed, like birthdays, family members’ names or even the word PASSWORDUse a password that contains a combination of upper- and lower-case letters, numbers and symbols eg: s1pRf$dLUse different passwords for different accounts, just like you have a different key to your home, car and officeChange your password periodically to help ensure it cannot be guessed
REFUSE to tell anyone your password. Legitimate companies will never ask for your personal details by email
34
Keep your computer protected with up-to-date software, use sensible passwords and never
share them with anyone
FORWARD any dubious emails purporting to be from eBay to [email protected], which will verify whether the email is legitimate. eBay will investigate the source and determine its authenticity. PayPal offers a similar service at [email protected]
OPEN a new browser window and type in the URL of the website that has been forwarded to you as a hyperlink in a dubious email. Don’t simply click on the link
DOWNLOAD the eBay toolbar, which contains Account Guard. If you visit a site purporting to be eBay, the Account Guard will turn green if you are on a legitimate eBay website, grey if the site’s legitimacy is unknown, and red for proceed with caution. The toolbar is free to download from eBay.com.au
CHECK online account statements regularly
RESPOND only to emails you know cannot be spoofed. Some companies communicate directly with their members on their websites, assuring members and account holders that the communications are intended solely for them. For example, eBay’s My Messages is a service where members can double check emails received from eBay or other eBay members. (see pages 13-15 for using My Messages to avoid Fake Second Chance offers)
35
Simon Bate Simon Bate experienced an account takeover a year ago when someone tried to sell illegal items using his eBay account. The seller hijacked Simon’s Hotmail and eBay accounts. Simon had the same password based on his home town for each account, making it easy for anyone to take a guess and take over both accounts. eBay froze Simon’s account and he was advised that someone had already sold a car and other items with his user ID.
Simon contacted eBay Live Help (an online messaging service, which allows you to communicate with an eBay customer service representative) and received assistance instantly. “Live Help assisted in changing my password and advised me to use a combination of words and numbers to ensure that this wouldn’t happen again,” he says. “The key lesson I took from this experience was to change my password regularly and never use the same password for all accounts. Also, I now always send any suspicious emails to [email protected] and never respond to unsolicited phishing emails asking for personal information.”
CASE STUDY
ACCOUNT TAKEOVER
36
Sometimes it can take months before a victim of identity theft becomes aware of the problem. If you have been the victim of identity theft, you should take the following steps immediately:
CONTACT the police in your area and report the crime
REGISTER your name on the Australian Identity Protection Register (see next page)
OBTAIN a copy of your credit file to confirm someone has used your identity (see next page)
INFORM the credit providers involved of the fraudulent activity; otherwise they may hold you responsible for any “bad debt” incurred
MONITOR your credit file (see next page)
RETAIN detailed logs of all correspondence relating to attempts to report and correct the fraudulent activity
WHERE CAN I TURN IF MY IDENTITY IS STOLEN?
38
To obtain a copy of your credit fi le contact:
Baycorp AdvantagePublic Access DivisionPO Box 964North Sydney NSW 2059Tel: 1300 762 207Fax: (02) 9951 7880Email: [email protected]: www.mycreditfi le.com.au
Also contact:
Australian Identity Protection RegisterThe Australian Identity Protection Register was created by the Australian Crime Commission to respond to the challenges faced by victims of identity theft. This service notifi es various federal and state government and law enforcement agencies of identity theft cases. Once informed, the agencies are then in a better position to detect and prevent any further fraudulent use of victims’ identities.
If you are victim of identity theft and would like to utilise this service visit your local police station and request that they submit your details to the register. You will have to complete a police report and form before your details will be placed on the register. Your details will be kept strictly confi dential and provided only to those agencies with permission to access the register. If you would like more information about the register call (02) 6243 6666.
39
1.
2.
3.
Keep anti-virus, anti-spam and other computer security software up to date
Never email anyone your online account details (username and password) – sharing this information is similar to giving out your ATM card and PIN
Use eBay’s tools to combat phishing, including:[email protected] and [email protected]: if you are ever suspicious of an email you have received from eBay or PayPal, forward it to these addresses and eBay or PayPal will confirm if it’s a legitimate email
eBay Toolbar: download the eBay Toolbar featuring Account Guard. It’s free to download and helps make sure you are on a legitimate eBay site. The Account Guard turns green if you are on a legitimate eBay website and red when you need to exercise caution
My Messages: a message inbox in My eBay where messages originating from eBay systems can be checked. If it concerns your eBay account, it’s in My Messages
COMBATING PHISHING TIPS
QUICK TIPS 40
Keep separate passwords for each online account
Use a password which is difficult to guess. A random combination of letters and numbers is best
Keep computer security software up to date
Never email anyone your online account details (username and password)
Check online account statements regularly
If you think your eBay account has been taken over, contact Live Help: www.ebay.com.au/accounthelp
If you think your PayPal account has been taken over, contact the PayPal Customer Service Centre on 1800 073 263
ACCOUNT SECURITY TIPS
41
1.
The following information has been supplied by AusCERT, Australia’s national Computer Emergency Response Team. AusCERT provides independent computer attack prevention, response and mitigation advice to Australian organisations and users that connect to the Internet.
AusCERT recommends applying all these steps to provide the best protection when connecting your computer to the Internet. Following just one or two steps is akin to locking the front door and back door to your home but keeping all your windows wide open.
KEEP YOUR OPERATING SYSTEM AND OTHER SOFTWARE UP TO DATEDefects in software are discovered all the time, so it is important to keep your system up to date and apply patchesConfigure your PC to do automatic software patch updates. This will make the task of keeping software up to date as easy as possiblePatches should also be applied for your operating system email applications, all browser applications (such as Microsoft Internet Explorer), and other software in common use, eg: Microsoft Office applications (Word, Excel, etc)
HOW CAN I SECURE MY COMPUTER AT HOME?
42
2.
3.
4.
INSTALL A PERSONAL FIREWALL Every home PC that connects to the internet should have a personal (software) firewall. Configure it to allow only essential in and outbound internet connections.
INSTALL ANTI-VIRUS AND ANTI-SPYWARE SOFTWARE AND KEEP THEM UPDATED
Once installed, configure your anti-virus software so it updates itself at least dailySpyware scanners complement anti-virus software. They detect and protect against a variety of programs that can be secretly installed on your PC by attackers for malicious purposesRegard opening email attachments and clicking on web links in unsolicited or suspicious emails as potentially dangerousSchedule daily scans of your computer using anti-virus software and anti-spyware software to identify whether you have received malware which your anti-virus software may not detect and quarantine at the time of entry
INSTALL SPAM FILTER SOFTWARESpam filters examine incoming email, and can determine whether it is spam. It will then either block the email or let it throughSpam filters will not successfully block spam all of the time. Do not assume all emails delivered to your inbox are legitimate and worthy of your complete trust, even if they appear to be from known sources
43
5.
6.
7.
TURN OFF INSECURE FEATURES IN YOUR PC’S BROWSERWeb browsers allow us to surf the web, access our email from anywhere in the world and shop online. It is possible for attackers to write harmful web-based programs which will automatically be installed on your PC if you connect to an attacker’s website with your PC’s browserDifferent browsers use different security features. For example, Microsoft Internet Explorer’s security features can be accessed and set via the Tools/Internet Options menuHome users may prefer to configure their browsers to prompt before allowing these programs or scripts (eg: Java, Javascript, ActiveX, IFrame) to run rather than automatically disabling themAlthough anti-virus software can help protect your PC from most harmful web-based programs, it is still recommended that you activate as many of the security features on your browser as possible, as antivirus software will not detect all malicious code on the internet
SPECIAL TIPS FOR BROADBAND USERSBroadband users should consider purchasing a combined broadband modem/router device in order to give their PC a private network address. This way it cannot be directly reached via the internet and provides a greater level of protection than a software-based personal firewall would on its ownBy turning your PC off when not in use you will reduce the time available for attackers and malicious programs to attack your computer and also reduce your power consumption
PERFORM DAY-TO-DAY TASKS UNDER A USER ACCOUNT WITH LIMITED/REDUCED PERMISSIONS
By using a limited-user account rather than an account with administrator-level privileges when accessing email or browsing the web, you can inhibit the ability of some malware to infect your computerUsing an administrator account should be reserved for occasional use when you need to configure the security features of your computer and install new software from sources you trust. Windows XP allows the ability to create limited-user accounts
For further detail about any of these matters see: Protecting your computer from malicious code at www.auscert.org.au/3352
44
Reporting matters to police and consumer affairs agencieseBay’s experience is that most suspected fraud is actually miscommunication between buyers and sellers. Follow our “What should I do if something goes wrong” advice on (page 20). If this does not work, report your suspicions to the police in the jurisdiction where you think the offender lives (eg: if you live in Melbourne and you think the offender lives in Sydney, report the incident to the New South Wales Police).
If your complaint involves a business, consider also reporting the matter to the consumer affairs agency in the jurisdiction where you think the seller lives.
eBay works closely with law enforcement and consumer affairs agencies all around the world. We encourage those agencies to directly contact the eBay Australia team by sending an email from their government email address to [email protected]
Identity theftAttorney-General’s Departmentwww.ag.gov.au/agd/www/ncphome.nsf/page/identity_theft
WHERE ELSE CAN I TURN FOR ADVICE?
46
When Bad Things Happen to Your Good Name brochure:www.acpr.gov.au/pdf/IDCrime_brochure.pdf
Consumer rightsAustralian Competition and Consumer Commissionwww.accc.gov.au
General e-securityDepartment of Communications, Information Technology and the Artswww.dcita.gov.au/ie/e-security
Internet Industry Association security portal for advice to small businesses onlinewww.security.iia.net.au/
IT security threatsNational incident reporting servicewww.national.auscert.org.au/
SpamAustralian Communications & Media Authoritywww.acma.gov.au/ACMAINTER.131402:STANDARD::pc=PC_2008
eBay recommends you download the SpamMATTERS spam reporting tool:www.acma.gov.au/interforms/spam/spammatters.htm
Online scamsAustralian Securities and Investments Commissionwww.fido.asic.gov.au/fido/fido.nsf
47
1.
2.
3.
4.
HOW TO BUY A CAR SAFELY ON EBAY MOTORS AUSTRALIA
Check the car’s value and determine how much you want to pay. Search for the car model you are considering buying by using eBay’s Completed Listings in Advanced Search, which allows you to view recently sold items. This will help you get an idea of how much a similar model has sold for recently on eBay
Check if the car is covered by eBay’s Vehicle Purchase Protection. it may provide up to $20,000 of cover in the unlikely event something goes wrong (see www.ebay.com.au/vpp.html for more information)
Get to know your seller. read the description and review the pictures closely, check the seller’s feedback rating and ask questions about the car. If there’s inadequate information, ask for more. If you are in the same area as the seller, ask for a test drive just like you would when buying a car elsewhere. If you do meet the seller prior to the sale, be sure to complete the transaction on eBay or you won’t be covered by the Vehicle Purchase Protection program
Use independent third parties for further research. If you can’t do a test drive personally, you can use an authorised vehicle inspection service (www.eBay.com.au/motors/vehicle-inspections.html) to check out the car on your behalf. You can also conduct a vehicle history check by visiting (www.eBay.com.au/vehiclecheck.html) to learn more about a particular vehicle and to ensure there is no finance owing
QUICK TIPS48
5. Consider Auction, Buy It Now and Best Offer. There are three easy ways to buy a car on eBay:
AUCTION – our traditional auction format, excellent for getting the best price for a car
BUY IT NOW – our fixed price format that allows you to buy the car immediately at the price set by the seller
BEST OFFER – a feature that gives you the opportunity to negotiate the price online
49
1.
2.
3.
4.
5.
6.
7.
8.
EIGHT ESSENTIALS TO REMEMBER ABOUT ONLINE SHOPPING:
If an offer sounds too good to be true, it probably is
Before buying online, check to make sure your purchase is covered if something goes wrong
Sending payments via PayPal allows you to shop online without sharing your bank account and credit card details. It also has a buyer protection program
Never pay with Western Union, MoneyGram or other instant wire transfer services
Treat Second Chance Offers with suspicion
Protecting your identity offline is just as important as protecting it online
Treat with suspicion any email asking for account names, passwords or financial information
Keep your computer protected with up-to-date IT security software, use sensible passwords and never share them with anyone