Some of these bogus Websites are easier to discern from others. Thousands of domain names with the word "ebay" have been registered, and Web-savvy scam artists can dress up a Web address to look like it resolves to "ebay.com." Many of these bogus sites follow the "change-ebay.com" pattern, springing up for a matter of hours or days after being registered with a stolen credit card -- just for the purpose of snaring a few unsuspecting users' passwords before shutting down or getting unplugged by a domain name registrar or Internet service provider, eBay representatives say. eBay is hardly alone in grappling with username and password theft online. AOL Time Warner's America Online proprietary service for years has warned its users prominently that company representatives will never ask for an account password. Ebay said it was tackling the problem in a similar way, educating users about what to look for in a potentially fraudulent eBay Web address and urging caution before parting with sensitive data. "To protect yourself, remember that eBay will never ask you for your private information, such as credit card information or your account password, in an email," eBay warned users in a recent email alert. "eBay will never send you any request or solicitation from a non-eBay email account or provide a link outside of eBay for entering credit card or other private information." But critics say eBay needs to go further in its fraud prevention efforts, not only by cracking down on criminals and increasing education efforts, but by changing the way it communicates its legitimate alerts. "I was surprised that eBay linked to a Website where people can update their information," said AuctionByte.com's Steiner. "I don't think they should do that -- they should tell people to go to the site on their own and log in. People really need to know that they should never click on a URL in an email from any vendor, that they should go to the site the way they always do and log on." Scam artists are taking advantage of eBay's deadline-heavy pace in their schemes, knowing that an eBay user facing a ticking clock is less likely to think twice before handing over a username and password. "One person was out of town and panicked when he got home and saw email saying his auctions wouldn't be kept live unless he made these changes," Steiner said. "So he went in and gave them all this personal information. If they catch you at the right time, you can be fooled." Because eBay for the most part obscures its members' email address, questions have arisen about the methods scammers are using to target eBay users. Some eBay critics blame the recent rash of scams in part on the auction site for inadvertently displaying the email addresses of its users next to their high bids. But the company said the exposure, which happened 13 November, probably played a minor part in the crime wave, which began in February. Though eBay prohibited the use of an email address as a username 18 months ago, "a good number" of people who had such a username prior to that policy change were grandfathered in with the name. Another way the scammers target eBay users, according to the company, is by the sheer volume of easily available spam email lists. "It's not impossible that some of the people who received these emails had their email addresses exposed on the site," said eBay representative Kevin Pursglove. "But to suggest that it opened the floodgates is a bit of a reach." Victims of fraud on eBay have limited recourse. The company's insurance program will reimburse victims for items worth up to $200 (£130), with a $25 deductible. Many credit card companies offer fraud protection for higher amounts, but Pursglove pointed out that most con artists accept only money orders or wire transfers. When asked why eBay identity theft has become such a vogue this year, Pursglove speculated that the success of the company's general antifraud efforts were driving demand for the comparative safety of a stolen eBay identity. But Pursglove acknowledged another, less cheerful explanation. Like winter colds and successful software marketing, the identity thievery may be viral. "Perhaps the word's spreading around to the Internet's darker corners," Pursglove said. "We've had a lot more of it the past four or five months than at the beginning of the year. The scam is out there."
For everything Internet-related, from the latest legal and policy-related news, to domain name updates, see ZDNet UK's Internet News Section.
Have your say instantly, and see what others have said. Go to the ZDNet news forum.
Let the editors know what you think in the Mailroom.
