IDG News Service - EBay Inc. helped to shut down a Russian Web site this week that was offering to sell stolen customer account information for as little as $5 each.
Armed with an eBay customer's log-in and password, a fraudster could post items for sale, collect payments and then never deliver the goods. The site was also offering to sell a handful of PayPal accounts.
Security vendor Sunbelt Software detected the site Tuesday and reported it to eBay, which worked with the local ISP (Internet service provider) to have it taken off-line, an eBay spokeswoman confirmed. She couldn't say how many user accounts were offered for sale or whether any customers' accounts had been misused.
The site probably collected the information through phishing attacks or a Trojan horse virus that plants keylogging software on users' PCs, said Alex Eckelberry, president of Sunbelt, in Clearwater, Fla.
Attempts to harvest and sell such information are fairly widespread, he said. "It would make the hair on your neck stand on end if you knew," he said.
The site, at ebayseller.cc, was inaccessible Friday morning, but Eckelberry posted screen captures in his blog that appeared to show account information for sale from customers in the U.K., Germany and Australia.
The site preferred accounts that were used infrequently, meaning a user would take longer to notice any suspicious activity, and asked a higher price for accounts with good feedback ratings. Prices ranged from $5 to $25 per account.
"We're in contact with law enforcement to track down the perpetrators and we're going to vigorously pursue this investigation to ensure they are prosecuted," the eBay spokeswoman said.
A check on the Whois database showed the Web site was registered on Dec. 2, 2005, allegedly to a company in Cypress, Calif. There was no reply Friday at the phone number provided, although the site's creator would be unlikely to use real contact information.
EBay reiterated its guidelines for customers to avoid having their data stolen: Be extremely wary of e-mail that ask you to update personal account information, download eBay's toolbar with software that detects fraudulent eBay and PayPal sites and report suspicious e-mail.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
