eBay Beefing Up Cybersecurity Operations
I've been tracking open job positions at eBay and while it appears hiring in general may be slowing down at the company, there are a few areas where eBay is looking to ramp up hiring - Crypto & NFTs and now, in a possibly related move, cybersecurity.
Security & Reliability Engineer
eBay is looking for an experienced Security & Reliability Engineer (GCP) to support the automation and deployment of two of eBay’s growing platforms, our Cybercrime and Digital Assets Platforms.
Developing a platform to support multiple geographies carries with it many challenges and the Security & Reliability engineer will play an integral role at the intersection of security, software engineering and infrastructure/systems engineering.
Product Abuse Researcher
eBay is looking for an experienced Product Abuse researcher who will work to research and track the tactics, techniques, and procedures of Cyber-criminals on the eBay Marketplace to target and abuse eBay’s platform, services and Customers.
In this role you will research and investigate abuse in the Products and Flows used by eBay’s customers every day and develop expertise at the intersection of Off Platform originated Cybercrime and On Platform abuse.
To be successful in this role you will be a subject matter expert in Cybercrime. You will be able to build and maintain knowledge of relevant adversary and Product Abuse behaviour, disseminating timely and actionable information and data on the Abuse Case and able to communicate research and analysis findings to Product Managers, Engineering teams and Executives.
Information Security Engineer
This role is to largely work with the Bug Bounty portfolio and handle Application Security issues remediation and response. As part of this role, we need a hands-on Security Engineer with experience in researching, crafting, and implementing capabilities and defenses to secure and protect eBay’s critical Applications and infrastructure.
Director, Financial Intelligence Unit (FIU) Ops & Anti-Money Laundering (AML) Strategy
In the intelligence operations capacity, the Director will be responsible for oversight of proactive and reactive investigations, and, as appropriate, the reporting of suspicious financial and/or fraudulent activity, to include money laundering, terrorist financing, fraud and/or any other financial risk or crime.
I am very happy to hear eBay is developing a cybercrime platform to track the tactics, techniques, and procedures of Cyber-criminals on the eBay Marketplace to target and abuse eBay’s platform, services and Customers - it's about time! 👏
In April 2020, I stumbled into the wild and scary world of triangulation fraud when my then employer was targeted to the tune of over $160K in less than 4 months.
This sophisticated fraud uses hacked/compromised eBay accounts to sell stolen merchandise (purchased using stolen credit cards) on the platform.
I attempted to work with eBay's PROACT (partnering with retailers offensively against crime and theft) department, but despite the cute acronym, they were anything but proactive.
At one point I even offered to provide them over 4,000 tracking numbers from verified fraudulent orders that they could have used to trace back in their system to identify more accounts being used to perpetrate the fraud - they declined that offer and any of the other information I had found through my company's internal research and fraud analysis efforts.
I've also done extensive research into many other forms of fraud and scams running rampant on the platform - many of which also use compromised or hacked accounts to facilitate the fraud.
eBayUK has a particular problem with fake car ads that attempt to direct users to make payment off the site.
They reuse the same pictures over and over again, something that AI/ML image recognition should be easy to train to spot, yet this fraud has persisted for years with thousands and thousands of ads listed on the site.
Unfortunately, hacked accounts used for fraud can be a big money maker for eBay too - eBay often attempts to collect thousands of dollars in fees from the victim of the account hijacking, sending them to collections and hurting their credit rating in the process.
Another interesting scam involves fraudsters listing in-demand products like gaming consoles and watches in categories that are excluded from eBay Money Back Guarantee protections - leaving the buyer with no recourse when the item never arrives and they cannot file a claim through eBay to get their money back.
Again, eBay could use automated keyword searches and much more to proactively identify items that have been incorrectly and fraudulently listed in these categories - but they don't. 🤷‍♀️
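To make the two detection ideas above concrete (reused photos in fake car ads, and high-value goods listed in categories without buyer protection), here is an added example that is not eBay's code and not part of the original post. It implements a difference hash (dHash) so that the same photo re-uploaded with different brightness or a small overlay still matches, and a keyword rule that flags listings whose title names a high-value product but whose category is outside buyer protection, or whose text steers the buyer to pay off-platform. The category ids, keyword lists, listings and the tiny grayscale "photos" are all constructed for the demo; none of them are eBay's real taxonomy or data.

```python
# Added example of two marketplace listing-abuse checks. Not eBay's code;
# categories, keywords, listings and the tiny "photos" are constructed here.


# ---- 1. Reused photos: difference hash (dHash) on listing images ----------

def downscale(pixels, width=9, height=8):
    """Average-pool a grayscale image (rows of 0-255 ints) to width x height."""
    src_h, src_w = len(pixels), len(pixels[0])
    out = []
    for y in range(height):
        y0 = y * src_h // height
        y1 = max((y + 1) * src_h // height, y0 + 1)
        row = []
        for x in range(width):
            x0 = x * src_w // width
            x1 = max((x + 1) * src_w // width, x0 + 1)
            block = [pixels[yy][xx] for yy in range(y0, y1) for xx in range(x0, x1)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out


def dhash(pixels):
    """64-bit dHash: in a 9x8 thumbnail compare each of the 8 adjacent pixel
    pairs per row; the bit is 1 when the left pixel is brighter than the right.
    Survives rescaling, recompression and uniform brightness changes."""
    bits = 0
    for row in downscale(pixels):
        for left, right in zip(row, row[1:]):
            bits = (bits << 1) | (1 if left > right else 0)
    return bits


def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


def find_reused_images(listings, max_distance=6):
    """Return (id_a, id_b, distance) for every listing pair whose photos near-match."""
    hashes = {item["id"]: dhash(item["image"]) for item in listings}
    ids, pairs = list(hashes), []
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            d = hamming(hashes[a], hashes[b])
            if d <= max_distance:
                pairs.append((a, b, d))
    return pairs


def synthetic_photo(width=18, height=16):
    """Constructed stand-in for a listing photo: 2x2 checkerboard blocks plus a gradient."""
    return [[60 + 40 * ((x // 2 + y // 2) % 2) + 5 * (x // 2) + 2 * (y // 2)
             for x in range(width)] for y in range(height)]


BASE = synthetic_photo()
BRIGHTER = [[p + 60 for p in row] for row in BASE]       # same photo, re-uploaded brighter
WATERMARKED = [row[:] for row in BASE]                   # same photo with a small overlay
for yy in (0, 1):
    for xx in (8, 9):
        WATERMARKED[yy][xx] = 200
INVERTED = [[255 - p for p in row] for row in BASE]      # a genuinely different image

IMAGE_LISTINGS = [  # constructed sample listings
    {"id": "car-001", "image": BASE},
    {"id": "car-002", "image": BRIGHTER},
    {"id": "car-003", "image": WATERMARKED},
    {"id": "car-004", "image": INVERTED},
]

# ---- 2. High-value goods outside buyer-protection categories ---------------

# Placeholder taxonomy and word lists, not eBay's real category ids.
UNPROTECTED_CATEGORIES = {"CAT-VEHICLES", "CAT-REAL-ESTATE", "CAT-SERVICES", "CAT-CLASSIFIED"}
HIGH_VALUE_KEYWORDS = ("playstation", "ps5", "xbox", "nintendo switch", "rolex", "omega", "iphone")
OFF_PLATFORM_PHRASES = ("bank transfer", "pay outside", "email me before", "wire the")


def flag_listings(listings):
    """Flag a listing when a high-value product sits in an unprotected category,
    or when its text steers buyers to pay outside the platform."""
    flagged = []
    for item in listings:
        text = (item["title"] + " " + item.get("description", "")).lower()
        reasons = []
        hits = [k for k in HIGH_VALUE_KEYWORDS if k in text]
        if hits and item["category"] in UNPROTECTED_CATEGORIES:
            reasons.append("high-value item in unprotected category: " + ", ".join(hits))
        phrases = [p for p in OFF_PLATFORM_PHRASES if p in text]
        if phrases:
            reasons.append("off-platform payment language: " + ", ".join(phrases))
        if reasons:
            flagged.append((item["id"], reasons))
    return flagged


TEXT_LISTINGS = [  # constructed sample listings
    {"id": "L1", "title": "Sony PS5 disc edition, sealed", "category": "CAT-CLASSIFIED",
     "description": "Cheapest on the site, ships next day."},
    {"id": "L2", "title": "Rolex Submariner 2019", "category": "CAT-WATCHES",
     "description": "Full set, box and papers."},
    {"id": "L3", "title": "2015 Ford Focus 1.6", "category": "CAT-VEHICLES",
     "description": "Car is with a shipping company, email me before bidding to arrange bank transfer."},
    {"id": "L4", "title": "Xbox Series X bundle", "category": "CAT-GAMING"},
]

if __name__ == "__main__":
    print(find_reused_images(IMAGE_LISTINGS))   # car-001/002/003 cluster; car-004 stands alone
    print(flag_listings(TEXT_LISTINGS))         # L1 (category) and L3 (off-platform) flagged
```

The dHash threshold of 6 bits is a common starting point; a real deployment would index hashes (for example by splitting the 64 bits into bands) rather than comparing every pair, and would tune the keyword lists against actual listing text.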
And finally, I really hope this new cybercrime squad and the anti-money laundering unit will get serious about their Know Your Customer (KYC) practices to avoid another massive stolen identity 1099-K tax reporting snafu.
Earlier this year, I collected data from people who received 1099-K tax forms from eBay for tax year 2021, but never knowingly sold an item or created an account on the platform! 🤯
Fraudsters had stolen their personal information (name, address, and in some cases even the correct social security number), set up shop on eBay and had been allowed to sell tens of thousands of dollars of merchandise with no one at eBay ever catching on or attempting to verify the identity info.
Out of 76 reports, 41 provided dollar amounts from the 1099-K; the total financial scope was ~$750,000, with the highest one reported at $180,000. Of the 41 with dollar amounts, 26 were $10,000 or above.
And that was just a small handful of people who reached out to me personally or posted publicly about it in the eBay forum or across social media.
I firmly believe that was a drop in the bucket and eBay has a much larger problem with fraud and fake/hacked accounts than they would care to admit publicly.
To whoever eventually gets hired for these roles, I'll extend to you the same offer I tried to extend to PROACT. I am always happy to share my experiences and detailed documentation of what I've discovered while investigating and combating all manner of fraud on the platform - feel free to reach out any time. 😉