Buyer beware

For free real time breaking news alerts sent straight to your inbox sign up to our breaking news emails

Sign up to our free breaking news emails

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

It was one of those hyped auction site bargains: an Apple PowerBook G4, plus a 23-inch flat-screen display for just £1,500 - a combination that would cost more than £3,000 new. But though Robert Irvine paid for it through the eBay UK auction site, the laptop and screen never turned up. Instead, the vendor disappeared as soon as the money transfer went through. Robert, the principal cellist at The Orchestra of Scottish Opera, and his wife, the composer Sally Beamish, for whom the laptop was intended, were victims of a particular type of auction fraud: account hijacking, which eBay calls "unauthorised account takeover". Judging from reports on eBay's Community Q&A Board, this was no isolated incident.

Here's how the hijack works. A fraudster finds a vendor with a record of good feedback from previous auctions. He (it's usually he) works out their password by simple guesswork, or by conning it out of the vendor by sending a "spoof" e-mail purporting to be from eBay. It is relatively easy for a scammer, or spammer, to obtain the e-mail of an eBay customer: one reported receiving seven spoof e-mails in a day.

Once they have the account, it's easy to change the password and e-mail address to where correspondence is forwarded. Then the fraudster lists a high-ticket item, often a hi-tech consumer good, with the option to "Buy It Now" at a fixed price.

To cover their tracks after the goods are sold, the scammer will often demand to be paid by money transfer. With Western Union, for example, the receiver needs only turn up at the office with suitable identification; there's no purchase protection. In defence of this policy, Western Union says: "We caution our customers against sending money to people they don't know."

Once you know how the hijack works it's possible to spot the signs, for example by checking a vendor's past auctions. If they previously sold stamps in US dollars and now have several wide-screen TVs for sale in pounds sterling, be suspicious. The problem lies where purchasers are unaware of the risks - purchasers like Irvine.

Irvine received an e-mail notification from eBay after the deal was concluded, but before payment was made. He was informed that the account had been "temporarily suspended" while an undefined "matter" was investigated, and told: "You will need to use your own personal judgement in deciding whether to complete this transaction." Subsequently, he received a second e-mail with a sending address of moreinfo@ebay.com explaining that the former e-mail was a mistake and that "eBay strongly advise you to complete the transaction with the seller as we confirm this is a legitimate sale". So he concluded the sale.

In retrospect, Irvine now thinks the second e-mail to be a fake. But he can't be certain because in subsequent correspondence eBay neither confirmed nor denied that it had sent the e-mail.

He is angry that eBay failed to warn him that it suspected the account had been hijacked, or to warn him that the vendor might attempt to con him into completing the sale. Unable to recover funds from Western Union, or his credit card issuer, with which he paid Western Union, he has been invited to apply for eBay insurance. The maximum award available? £105.

What steps is eBay taking to combat hijacking? "Reports of account takeovers are taken very seriously by eBay," says a spokeswoman, "and it will take all necessary action to prevent any member of the community from the effects of such." The main line of defence, however, appears to be warning customers that eBay will never send an e-mail asking for personal details. That has been its policy since it was set up in 1995, and is the same for the UK arm, set up in 1999.

How many victims have fallen foul to account hijack and other auction scams in the UK? Nobody knows but it is probably significant: 68.8 million people use eBay worldwide, and in May 2003 the UK site had 6.8 million users. It's the UK's top e-commerce site, according to Nielsen Net Ratings, and the UK's largest online marketplace.

There's no reason to believe that auction fraud is any less serious in the UK than in the US, however, where victims can report crimes online to two agencies. Almost half of 75,000 offences filed in 2002 with the FBI-backed Internet Fraud Complaint Centre (at www.ifccfbi.gov) were internet auction fraud. Last year, 90 per cent of the 37,000 complaints to the US National Consumers League's www.fraud.org concerned online auctions. There's also concern in continental Europe. The majority of conflicts dealt with by The Austrian Internet Ombudsman concern online auction disputes.

So where should British consumers, or fraud victims such as Irvine, look for advice or help? The National Hi-tech Crime Unit, The Internet Watch Foundation, The Office of Fair Trading and The Trading Standards Institute can't help - all said that internet auction frauds fall outside their remit.

The police says the UK needs an organisation to keep track of internet fraud, as the IFCC does in the US. Home Office insiders remark that the requirement for such an organisation has been "flagged". Victims of international fraud can lodge complain to The International Consumer Protection and Enforcement Network at www.econsumer.gov.

The former ICPEN president Guido Sutter said it recently took up the case of a UK eBay user. The auction site was ready to co-operate with investigators, and to ban the vendor from trading. But eBay held back from accepting fault, Sutter said: "eBay underlined that it is merely offering a trading place on the internet without getting involved in the contractual situation of the trading parties and therefore cannot be held responsible for damage caused by one of these parties."

It gets worse. Account hijacking isn't the only risk when taking part in an auction. Users also report problems with supposedly legitimate buyers and sellers. Linda, a doll collector, recently purchased a "rare black Tressy Doll" from a US vendor for £437, advertised as "near mint". Unsatisfied with the condition of the doll, she asked for a refund from the vendor, who refused. She complained to eBay; nothing happened.

Unable to recover the money by "charge back or reversal" on eBay's subsidiary PayPal, through eBay insurance or from her credit card (because, the company said, the goods purchased were not brand new), she has resorted to "naming and shaming" the vendor on her website www.tressydoll.com.

Despite having first-quarter profits of $384.4m on revenues of $476m - eBay declines to get involved with cases such as Linda's. Instead, it recommends using the internet dispute mediation service at www.squaretrade.com and, if necessary, contacting the police.

Sellers get conned too. Sally (not her real name; she is afraid of being delisted by eBay if she complains publicly) has been selling goods for three years on the website, but feels she's being used as a designer wardrobe. She has a buyer who pays for clothes - then claims they're substandard. Sally, fearing negative feedback, arranges a refund. When the clothes are returned , they are indeed substandard - because they've been worn out on the town.

Buying goods at eBay is not unsafe, but there are risks and the site makes no guarantees that vendor or goods are legitimate. Don't be blasé, warn the police and, where possible, buy goods face to face.

How to avoid the online auction scams

* The insurance or Buyer Protection Programme on eBay, which is discretionary, allows you to recover up to only £105 of any loss.

* Most goods that are bought and sold on eBay cost less than £100.

* Do not assume that your credit card issuer will cover you, particularly if the credit card has been used to top up an internet payment mechanism such as PayPal, or to pay for a money-transfer such as Western Union.

* Consider using an escrow service, so the vendor does not receive money until purchaser has received the goods. Beware of fake escrow services.

* Use a banker's cheque or some other payment method that may be traceable.

* See the eBay community Q&A board. Search on "conned" or "ripped off" to find common frauds, but don't expect warnings about specific accounts that have been hijacked: eBay has banned users from identifying them.