WELCOME TO EBAY!
Hi, my name is Alastair MacGibbon, and I head up eBay’s Trust & Safety team in Australia and New Zealand.
An important part of my role is informing consumers of the choices they should make about safe online shopping.
That’s why we’ve prepared this guide, to help you be safe when transacting online, to answer the questions you
might have about safe online shopping and to allay any concerns.
More than ever before, Australians are shopping online. A large reason for this boom is consumers feel more
conﬁdent about transacting online. In May 2006 eBay conducted a comprehensive survey1 of the Australian
internet population to understand their trust and safety needs. According to our survey, three out of four regular
internet users in Australia believe online shopping is becoming safer, a 10% increase in the 18 months since we
last asked that question2.
My own experience here at eBay has been that the overwhelming majority of transactions are trouble-free and in
the rare instances when things go wrong, simple actions by shoppers can prevent most of the problems.
Shopping safely online requires the same level of common sense and caution as shopping safely ofﬂine. This guide
shows you what to look for and how to act. You can also ﬁnd this guide on eBay.com.au in the Security Centre.
Trust & Safety Director
eBay Australia and New Zealand
Survey conducted by Sweeney Research, May 2006. Study no. 05157.
Survey conducted by Sweeney Research, October 2004. Study no. 14240.
Alastair MacGibbon is a leading Australian authority on internet crime and safety solutions. Prior to
joining eBay, Alastair spent 15 years as a federal agent in the Australian Federal Police working both in Australia
and overseas. He was the founding director of the Australian High Tech Crime Centre (AHTCC), the national law-
enforcement body charged with the responsibility of coordinating Australia’s efforts in combating serious crime
HOW CAN I SHOP SAFELY ONLINE?
The precautions we take every day when we visit our local shopping centre are so familiar to us that
we no longer think about them.
These precautions include:
NEVER leaving your purse or wallet in an unattended shopping trolley
NEVER revealing your personal identification number (PIN) at a checkout
NEVER carrying large amounts of cash in your purse or wallet
NEVER letting your credit card out of sight after it has been handed over for payment
Similarly, when online, shoppers need to take sensible precautions when buying goods.
Follow this easy checklist each time you shop online:
READ and understand safe trading guidelines provided by the site you are shopping on
KNOW your seller
Review their online reputation (ie eBay feedback), previous sales and comments by other
shoppers who have bought from them
Understand the eBay Member Profile (see pages 6-7)
Read the item description carefully
Ask the seller questions if you need more information
Look for and understand the seller’s refund and return policies
CHECK you are covered with buyer protection programs (see page 10 for more information)
USE secure payment methods
Take precautions when providing anyone with your bank account or credit card details.
Entering these details on several different merchant websites increases the likelihood of
your personal information being misused
Pay smart by using PayPal to avoid your bank account or credit card details being shared
with others (see page 8)
NEVER use wire transfer services such as Western Union or MoneyGram – these services are
not designed for online shopping and offer no protection when things go wrong
RETAIN copies of all correspondence and communication from your purchase, in case of a
dispute (see pages 20-25 for more information)
EXERCISE common sense. If an offer sounds suspicious or too good to be true, it probably is
KNOW your rights. Consumers have the same legal protections online as they do offline If an offer sounds too good
to be true, it probably is
HOW CAN I GET TO KNOW THE SELLER?
Check the listing
1. Review the seller’s Feedback
Rating – this is their online
reputation. Click on feedback
to view the sellers member 2.
2. Check pictures and 4.
3. Review the seller’s other
items to assess the overall
quality and type of items they
4. Ask the seller questions if you
need more information
5. Check to see if the item is 2.
covered by PayPal Buyer
Protection4 or if buying a car
check for Vehicle Purchase
The PayPal Buyer Protection Program is subject to the terms and conditions in PayPal’s User Agreement
Check the member proﬁle:
6. Review the seller’s Feedback
Rating – this is their online 6.
7. The positive, neutral
and negative comments
provided by other members
of the eBay community 10.
help customers evaluate
a seller’s previous trading
history and gain an
understanding of their
8. Review the seller’s other
items to assess the overall
quality and type of items
they usually trade
9. Review the seller’s trading
history, which shows items
bought and sold over the
past 90 days
10. Contact the seller
WHAT IS PAYPAL?*
Many of the concerns about online shopping, such as misuse or theft of personal and ﬁnancial information
(see page 30), have been resolved by secure online payment services. PayPal (www.PayPal.com.au) is an
online payment company owned by eBay which allows users to shop without sharing sensitive ﬁnancial
information. PayPal has over 105 million accounts worldwide and is available in 55 markets. It launched in
Australia in January 2005 and a year later had almost two million Australian users.
Why use PayPal?
1. PayPal makes online purchases safer and is more convenient than entering sensitive credit card or bank
account data into each website you visit. This is because your financial information is never shared
2. To register with PayPal, you need only provide your account information once. It is stored on PayPal’s
secure, highly encrypted server and is never shared with a seller or merchant
3. The only information shared with a seller when paying with PayPal is your name, email address and
delivery address. You can elect not to inform the seller of your delivery address if you are paying for an
item/service which does not require physical delivery
The PayPal service is provided by PayPal Australia Pty Limited ABN 93 111 195 389 as authorised representative of PayPal,
Inc ARBN 111 900 906 (AFSL No. 283443). You should consider the Product Disclosure Statement (available at https://
www.PayPal.com.au) and whether the product is appropriate for you before deciding to use it.
4. If PayPal users fall victim to a phishing email (see page 30), the company can make a payment to the
user for their loss.
5. PayPal uses state-of-the-art systems and technologies to monitor account activity and employs a
dedicated team of investigators who work directly with law-enforcement agencies to locate and prosecute
6. In Australia PayPal is regulated by the Australian Prudential Regulatory Authority, the Australian Securities
and Investments Commission and the Australian Transaction Reports and Analysis Centre. PayPal also
works closely with the Banking and Financial Services Ombudsman
Sending payments via PayPal allows you to shop online without
sharing your bank account and credit card details with others
WHAT IS BUYER PROTECTION?
PayPal The Buyer Protection Program may provide coverage against loss of up to $1,500 on qualiﬁed
eBay.com.au transactions5 . This program protects eBay buyers against non-delivery of items as well as items
that are signiﬁcantly different to their eBay listing descriptions. eBay sellers who qualify to offer PayPal Buyer
Protection have at least a feedback score of 50 with a rating that is 98% positive.
eBay also has a Buyer Protection Program where members may be eligible for a payment of up to $375 if an
item does not arrive or if it is signiﬁcantly not as described. The eBay Security Centre
(www.eBay.com.au/securitycentre) is the one-stop shop for information about the eBay and PayPal Buyer
Protection programs and safe shopping in the eBay marketplace.
Credit card users may be covered under their credit card’s chargeback facility. Check with your credit card
supplier for more information.
Conditions apply. The PayPal Buyer Protection Program is subject to the terms and conditions in PayPal’s User Agreement.
Escrow. When purchasing high-value items (such as jewellery, artwork or expensive electronics),
use a reputable escrow service, particularly for large amounts not covered by either the eBay ($375)
or PayPal ($1,500) Buyer Protection programs. An escrow service holds a buyer’s money in trust
until such time as the buyer has the opportunity to receive, inspect and approve the goods. eBay
recommends the use of a reputable escrow service such as Escrow Australia (www.escrowaustralia.
com). Do not use an escrow service recommended by the seller without ﬁrst checking they are
Vehicle Purchase Protection. When purchasing a car on eBay, check that it is covered by
eBay’s Vehicle Purchase Protection6 – it can provide up to $20,000 of coverage in the unlikely
event something goes wrong (see www.ebay.com.au/vpp.html for more information).
Before buying online, check to
make sure you are covered
Terms and conditions apply. Vehicle Purchase Protection insurance only applies to the purchase of an eligible vehicle by an eligible purchaser. Buyers must
agree to the terms and conditions to make a claim.
In 2005, antiques enthusiast Sharon Taylor purchased a rare Royal Albert Old English Rose tea set on eBay.
com.au. Unable to ﬁnd the tea set in Australia, Sharon was happy to purchase the item from a seller located
in England for £250 (approx AU$610).
Four weeks after sending payment through PayPal, Sharon had not received the tea set and began to worry.
She contacted the seller, who claimed to have mailed the item. Not satisﬁed with that explanation, Sharon
decided to contact PayPal and lodge a complaint. With the seller unable to prove he had posted the item to
the buyer’s address, PayPal found Sharon eligible for a payment of the full £250.
Sharon was relieved to ﬁnd that by using PayPal to purchase the tea set, she was protected by the PayPal
Buyer Protection Program and able to conveniently recover her money. “There were no problems with the
resolution process. Now I will only ever make a purchase using PayPal,” says Sharon. “If a seller doesn’t offer
it as a payment option I don’t buy from them.”
Conﬁdent in the security of the eBay website and PayPal Buyer Protection, Sharon continues to shop online
and recently purchased a $500 tea set from the US to add to her collection.
WHY SHOULD I COMPLETE MY TRADE ON THE SITE?
A common tactic employed by criminals when attempting online fraud is to entice shoppers to make a purchase
directly from them instead of the website they are shopping on. Think of it as if you were looking at purchasing
a TV in a department store and someone in the store tapped you on the shoulder offering a bargain TV if you
paid them upfront and picked the item up from them in a laneway the next day.
In eBay’s case, criminals will typically attempt fraud using a combination of a fake Second Chance Offer,
payment via instant money transfer (such as Western Union or MoneyGram), a price which seems too good to
be true and an urgent call to “purchase immediately or risk missing out”.
By luring shoppers off eBay, away from eBay’s monitoring of the marketplace, criminals leave their victims
exposed. This is because off-site transactions are not covered under eBay’s or PayPal’s Buyer Protection
To avoid getting caught out:
Never trade off eBay. Ensure that you are the winning bidder or buyer onsite when the listing ends
Check My Messages to see if you receive any emails with a Second Chance Offer for an item you
recently failed to win. To be sure it is authentic, the My Messages email must be titled “eBay Second
Chance Offer for Item...” My Messages can be viewed in My eBay
If an offer sounds too good to be true, it probably is. With millions of items available
online, there will always be other options
Never pay via Western Union, MoneyGram or other instant money transfer payment methods
Remember, eBay is a marketplace that brings buyers and sellers together: it does not hold items sold
on the site, nor does it keep any money as a bond for sellers. In addition, eBay will not write to you to
confirm the seller has sent the goods
Criminals will typically attempt fraud using a combination of:
Fake Second Chance Offer
Payment via instant money transfer (such as Western Union or MoneyGram)
A price which seems too good to be true and a call to “purchase immediately or
risk missing out”
- Example of FAKE second chance offer
Treat Second Chance Offers with suspicion and never pay with Western Union
OUTSIDE EBAY PURCHASE
Zoe Buhagiar was a ﬁrst-time shopper on eBay when she bid on a pair of designer sunglasses. She really liked
the sunglasses and decided to make an offer to the seller of the maximum amount she was prepared to spend
so long as they ended the auction early. The seller accepted the offer and asked Zoe to continue the deal
directly through email and phone calls rather than using eBay’s standard procedures, which enable buyers to
complete their purchase on the eBay website.
Zoe paid for the glasses by direct deposit but they arrived damaged with the lenses loose and two screws
missing. She then went back to the seller, who agreed to ﬁx them at no additional charge and the situation
was ultimately resolved.
Zoe now realises that she was lucky not to have had a worse experience. “I thought this negotiation was
normal as I’d never been on eBay before,” she says. “I now know that as long as I complete the transaction
through eBay I can be covered by a range of protective measures such as eBay or PayPal Buyer Protection.”
Although she experienced no loss, from now on Zoe will always ensure that she is the winning bidder or buyer
on eBay before proceeding with the purchase. “I now always check feedback carefully, only communicate
with my trading partner through eBay and always pay using PayPal.”
EBAY AUSTRALIA SAFE TRADING TIPS
Get to know your seller
Review the seller’s Feedback Rating – this is their online reputation. The positive, neutral and negative
comments provided by other members of the eBay community help customers evaluate a seller’s previous
trading history and gain an understanding of their reputation
Check pictures and descriptions closely and review the seller’s other items to assess the overall quality/
type of items they usually trade
Ask the seller questions if you need more information
Use PayPal.com.au, an online payment service that keeps your account information hidden from the
seller. PayPal’s Buyer Protection Program may cover qualified transactions on eBay.com.au up to
$1,500 where an item has been purchased using PayPal and was not received or was significantly not as
Do NOT use Western Union, MoneyGram or similar cash and instant wire transfer systems
When purchasing high-value items (jewellery, artwork, laptops, etc…)
Use a reputable escrow service, particularly for large amounts not covered by either the
eBay ($375) or PayPal ($1,500) Buyer Protection programs. An escrow service holds a buyer’s
money in trust until the buyer has had the opportunity to receive, inspect and approve the goods
eBay recommends the use of a reputable escrow service, such as www.escrowaustralia.com.au
Be wary of using an escrow service suggested by the seller
Follow eBay’s safe trading guidelines
eBay’s online Security Centre is packed with useful safe shopping tips and information.
Don’t trade off eBay.com.au
Make sure you are the successful bidder on eBay when the item is completed
Be wary of any Second Chance Offers you might receive, especially if they request payment through an
instant wire service such as Western Union or MoneyGram
WHAT SHOULD I DO IF SOMETHING GOES WRONG?
The following advice can assist if you have paid for an item on eBay and it hasn’t arrived or it arrived but is
signiﬁcantly different to its original description on eBay. eBay Customer Service also has dedicated Live Help
instant chat services which can assist in these instances.
1. For item not received or significantly not as described go to www.ebay.com.au/INRprocess and click on
the Live Help link
2. For Buyer Protection Claim inquiries go to www.ebay.com.au/BPclaim and click on the Live Help link
Problem: I purchased an item on eBay and it hasn’t arrived in the mail
Solution: Check the listing
Review the seller’s terms of sale, item description, postage and payment terms.
Have you allowed enough time for the seller to receive and conﬁrm payment?
Have you read the seller’s postage terms?
There are many reasons why delivery may take longer than you expect, for example:
Postage and customs for international transactions can take time. Additionally, international bank
transfers can take up to 14 days to complete
Media mail shipments (containing items such as books, videotapes, DVDs, etc) may take significantly
longer than other postage methods
Some items may be custom-made or assembled before posting, which may cause delays.
Tip: Check Preferences in My eBay to make sure your delivery address is correct.
Problem: I’ve checked the listing and am sure the item should be here by now
Solution: Contact the seller
Most issues between a buyer and seller can be resolved through open communication. You can contact any
eBay seller by clicking on the Ask seller a question link available on all items listed on the site. This feature
allows you to send an email to a seller.
1. Click the My eBay button at the top of any page
2. Click the Won link in the left column
3. Click the item. To contact the seller, click the Ask seller a question link
In addition, the End of Auction email that eBay sends you after you have won the item also contains the
seller’s email address.
Problem: I cannot ﬁnd the seller’s contact details in the manner suggested or the seller does not respond
when I use Ask seller a question
Solution: Obtain the seller’s contact details from eBay
eBay can provide you with contact details of any member with whom you are transacting including their
name, telephone number and city. Remember, in order to obtain this information about another member,
you have to be already involved in a transaction with them.
To request a seller’s contact information visit: www.ebay.com.au/sellercontact
Tip: Check your email spam ﬁlters for messages from the seller. It’s possible that the seller
is trying to email you but your spam ﬁlters are blocking their messages.
Tip: Check your own contact details are up to date. Go to My Account in My eBay and
click on Personal Information. Make sure your email address is correct.
Problem: I have contacted the seller and they have refused to offer a refund or they do not want to resolve
Solution: Open an online dispute with the seller
EBAY ONLINE DISPUTE
If you are in any doubt about or are not happy with your negotiations with the seller, open a dispute. You
can open a dispute between 10 and 60 days after the transaction date (the date when the buyer commits to
buying the item and the seller commits to selling it).
To open online disputes go to: www.ebay.com.au/onlinedispute
Alternatively use the Item Not Received Live Chat service at www.ebay.com.au/INRprocess where you can
communicate with an eBay customer service representative via an instant messaging service.
PAYPAL ONLINE DISPUTE
If you have paid using PayPal, open a PayPal dispute. Buyers have up to 45 days from the date of payment to
open a dispute and up to 20 days after ﬁling the dispute to escalate to a claim (disputes not escalated to a claim
after 20 days will be automatically closed).
To open a dispute, please follow these steps:
1. Log into your account at www.PayPal.com/au
2. Select the Resolution Center tab
3. Click File a dispute
4. Enter or select the PayPal transaction ID for the transaction you would like to dispute
5. Review the transaction information and select a reason for opening the dispute
6. Enter in the details of the transaction and initiate communication with the seller in the Compose Message
to Seller box
Problem: The dispute was not resolved to my satisfaction
Solution: File a claim for buyer protection and leave feedback for the seller
If the dispute process was not resolved to your satisfaction, you may be entitled to lodge a claim in order
to receive a buyer protection program payment. You can lodge a claim through the online dispute process
Items purchased on eBay.com.au using PayPal may be covered under the PayPal Buyer Protection Program,
which can cover qualiﬁed transactions up to $1,500. If PayPal wasn’t used, eBay also has a buyer protection
program where members can be eligible for a payment of up to $375.
Don’t forget to leave feedback. An eBay member’s feedback is their online reputation. While it may not be
appropriate to leave negative feedback at the start of a dispute, it is proper to do so once negotiations have
failed. This helps inform others in the eBay community that they may also encounter the problems you did with
the same seller. To leave feedback, go to My eBay and click on Feedback (under My Account).
Problem: eBay informs me that I undertook a transaction outside of the eBay site
Solution: Provide those offsite transaction details to eBay
Find out more information about these transactions and report them on the Item Bought Outside of eBay form,
which can be found at: www.ebay.com.au/offebay
Problem: I have followed all of this advice and I still believe that I have been the victim of fraud
Solution: Contact police/consumer affairs agency in the area where you believe the seller resides
Criminal matters should be investigated in the jurisdiction where the suspect was located at the time of the alleged
If you are unable to contact police in that jurisdiction, your local police station will be able to provide you with
If you believe the matter involves a business you should also contact your state consumer affairs agency.
Make sure that when you do speak with police or the relevant consumer affairs agency that you are able to
Copies of emails between yourself and the seller
Any records of the transaction
The seller’s eBay ID
Any names by which the seller is known
Any mailing addresses, phone numbers and email addresses
The seller’s bank account (bank, account name, BSB and number) - if you paid via this method
Other means of payment involved
The eBay item number for the listing/s in question (this is available in the top right-hand corner of all listings)
To resolve an issue with an eBay purchase, use the following checklist along with the previous information:
Attempted to contact seller using Ask seller a question
Obtained seller’s contact details from eBay
Opened an online dispute
Directed to Item Bought Outside of eBay form (if appropriate)
WHAT IS IDENTITY THEFT AND HOW CAN I AVOID IT?
Identity theft is the act of stealing personal or ﬁnancial information for criminal purposes, usually ﬁnancial
gain. Identity theft affects consumers at home, at work, in shopping centres and on the internet.
Stolen credit cards, credit card numbers and bank account numbers allow a criminal to access existing credit
cards and bank accounts. They also may assist criminals in opening new accounts that will be charged to the
victim or to obtain other proof of identity documents.
Opportunities for the ofﬂine identity thief are many:
RUBBISH that contains discarded mail or paperwork with account information, or statements
highlighting credit limits and/or savings
MISLAID personal property such as a wallet or purse that contains receipts with account information
and various forms of identification
STOLEN property such as business records, files, letters stolen from your letterbox or other items that
contain your personal details
SKIMMING of credit cards when not in the presence of the cardholder
To help prevent identity theft, consumers should be vigilant. Tick the following boxes to see how many
precautions you take:
LOCK your mailbox and collect your mail every day
SHRED potentially sensitive information such as unneeded tax records and bank or credit card statements,
instead of just throwing them out
REFUSE to give out personal financial information to unknown callers or salespeople over the phone, on
the internet or in person
CARRY only the credit cards that you need on a regular basis and never carry PINs or passwords in a
wallet or purse along with the cards they activate
CHECK your credit card statements (and any other statements such as telephone, electricity and gas)
REGISTER for electronic statements for banking and credit card accounts. These can be viewed any time
of day or night to monitor against fraudulent use and eliminate the need for paper statements, which
can be stolen
KEEP sight of your credit card when paying
SIGN new or renewed credit cards immediately
CLOSE bank and credit card accounts that you are not using
ORDER a credit report regularly and review it to ensure it is accurate
LOCK away sensitive personal information in a secure filing cabinet at home
CONTACT your bank, credit agency or any card issuer (such as Medicare, the RTA, etc) immediately if
cards are lost or stolen
Protecting your identity ofﬂine is just as important as protecting it online
In 2003, Lex Graber received a call from his bank notifying him of a suspicious transaction on his credit
card involving an online expenditure of US$3,500. Having never purchased from the US, Lex conﬁrmed the
spending as a fraudulent transaction and the bank immediately cancelled his credit card.
Following the incident, Lex made practical adjustments to improve security when trading online. He opened
a credit card with a $500 limit and only transfers additional funds if a purchase exceeds the threshold.
Alternative precautions include using PayPal for all his online purchases and carefully monitoring his emails
Three years down the track, Lex has gone on to build a successful eBay store, Graber Bargain, where he
handles thousands of transactions a month. “Buyers and sellers can enjoy their online shopping experience
if they assume a duty of care,” he says. “You must be vigilant. Check who you’re dealing with and ensure you
have all the necessary information about the product.”
WHAT IS PHISHING, SPOOFING AND SPYWARE?
ID THEFT ONLINE
When thieves on the internet go ﬁshing for sensitive information to commit identity theft, it’s called phishing
(pronounced ﬁshing). Phishing is, as it implies, an attempt by scammers to trawl the sea of online consumers
in the hope of netting unsuspecting victims.
The way it typically works is like this: identity thieves send a massive number of generic emails (also known
as “spam”) asking recipients to update account information for their banks, credit cards, online payment
services or popular shopping sites.
Sometimes these emails appear to have been sent from a legitimate company such as a bank, eBay or
PayPal. The fraudster hides behind these credible sources in a practice called spooﬁng, which goes hand
in hand with phishing. The email will often convey a sense of urgency and may assert that the recipient’s
account information has expired, been overcharged, compromised or lost and that the account holder needs
to contact the company immediately. Phishing emails often contain links to an ofﬁcial-looking website to
“assist” this contact. Other times, emails ask the recipient to download and submit an electronic form.
Sometimes malicious software, known as spyware, is hidden in email attachments or on the phoney websites
to which victims are directed. Once on a victim’s computer this software may allow the criminal to see what
is being typed on the victim’s keyboard and to locate sensitive information stored on their computer, such as
internet banking login names and passwords.
Many phishing emails appear very convincing. Some commentators suggest that between one and ﬁve percent
of recipients respond to phishing emails and an even larger number of people cannot tell the difference
between a fraudulent and a real email from an institution.
Phishing has only one purpose: to obtain personal information such as account user names, passwords,
credit card numbers, bank account details and other personal data such as date of birth, phone numbers
and addresses so that criminals can proﬁt. Criminals continue to phish because it is proﬁtable even if a small
fraction of the recipients respond: it is an inexpensive crime to attempt and to repeat regularly.
HOW DO I IDENTIFY A PHISHING EMAIL?
Make no mistake – it is difﬁcult to detect
fraudulent emails. Phishers have become
increasingly sophisticated in their techniques
and technology. However, there are certain
red ﬂags internet users should look for that
are common to many spoof emails:
- Example of phishing email
1. URGENCY/THREATS TO ACCOUNTS. Some spoof emails declare that the recipient’s account
has been billed or is in jeopardy and that authenticating information is required to keep the account from
being closed, suspended, billed or restricted.
2. LOST INFORMATION. Consumers should be wary of claims that a company is “updating” its files
or accounts. Companies such as banks, PayPal and eBay are not likely to lose account information.
3. PERSONAL INFORMATION REQUESTS. Requests for a recipient to enter sensitive personal
information such as a user ID, password or bank account details by clicking on a link or completing an
email form should be treated with suspicion, even if the link takes you to a site that looks official.
4. SENDER’S ADDRESS. Email recipients should not rely on the sender’s email address to validate the
true origin of the email. The “From” field of emails can be easily altered to disguise the true sender.
5. LINKS that appear to connect to a particular site may be forged. Always open up a new browser window
and manually type in the website address.
Treat with suspicion any email asking for
account names passwords or ﬁnancial information
names, ﬁnancial info
HOW CAN I AVOID BEING A VICTIM OF PHISHING,
SPOOFING AND SPYWARE?
The likelihood of online identity theft working can be greatly reduced by following a few simple rules. Tick the
following boxes to see how many of precautions you take:
PROTECT your computer with up-to-date anti-virus/anti-spam/anti-spyware software and firewall
protection (see pages 42-43)
USE the most current versions of browsers and operating systems
CHOOSE secure passwords to protect your accounts
Don’t use passwords that can be guessed, like birthdays, family members’ names or even the word
Use a password that contains a combination of upper- and lower-case letters, numbers and symbols eg:
Use different passwords for different accounts, just like you have a different key to your home, car and
Change your password periodically to help ensure it cannot be guessed
REFUSE to tell anyone your password. Legitimate companies will never ask for your personal details by
FORWARD any dubious emails purporting to be from eBay to
email@example.com, which will verify whether the email is
legitimate. eBay will investigate the source and determine its
authenticity. PayPal offers a similar service at
OPEN a new browser window and type in the URL of the
website that has been forwarded to you as a hyperlink in a
dubious email. Don’t simply click on the link
DOWNLOAD the eBay toolbar, which contains Account
Guard. If you visit a site purporting to be eBay, the Account
Guard will turn green if you are on a legitimate eBay website,
grey if the site’s legitimacy is unknown, and red for proceed with
caution. The toolbar is free to download from eBay.com.au
CHECK online account statements regularly
RESPOND only to emails you know cannot be spoofed. Some
companies communicate directly with their members on their
websites, assuring members and account holders that the
communications are intended solely for them. For example, Keep your computer protected
eBay’s My Messages is a service where members can double with up-to-date software, use
check emails received from eBay or other eBay members. sensible passwords and never
(see pages 13-15 for using My Messages to avoid Fake Second share them with anyone
Simon Bate experienced an account takeover a year ago when someone tried to sell illegal items using his
eBay account. The seller hijacked Simon’s Hotmail and eBay accounts. Simon had the same password based
on his home town for each account, making it easy for anyone to take a guess and take over both accounts.
eBay froze Simon’s account and he was advised that someone had already sold a car and other items with
his user ID.
Simon contacted eBay Live Help (an online messaging service, which allows you to communicate with an
eBay customer service representative) and received assistance instantly. “Live Help assisted in changing my
password and advised me to use a combination of words and numbers to ensure that this wouldn’t happen
again,” he says. “The key lesson I took from this experience was to change my password regularly and never
use the same password for all accounts. Also, I now always send any suspicious emails to
spoof@eBay.com.au and never respond to unsolicited phishing emails asking for personal information.”
WHERE CAN I TURN IF MY IDENTITY IS STOLEN?
Sometimes it can take months before a victim of identity theft becomes aware of the problem. If you have
been the victim of identity theft, you should take the following steps immediately:
CONTACT the police in your area and report the crime
REGISTER your name on the Australian Identity Protection Register (see next page)
OBTAIN a copy of your credit file to confirm someone has used your identity (see next page)
INFORM the credit providers involved of the fraudulent activity; otherwise they may hold you responsible
for any “bad debt” incurred
MONITOR your credit file (see next page)
RETAIN detailed logs of all correspondence relating to attempts to report and correct the fraudulent
To obtain a copy of your credit ﬁle contact:
Public Access Division
PO Box 964
North Sydney NSW 2059
Tel: 1300 762 207
Fax: (02) 9951 7880
Australian Identity Protection Register
The Australian Identity Protection Register was created by the Australian Crime Commission to respond to
the challenges faced by victims of identity theft. This service notiﬁes various federal and state government
and law enforcement agencies of identity theft cases. Once informed, the agencies are then in a better
position to detect and prevent any further fraudulent use of victims’ identities.
If you are victim of identity theft and would like to utilise this service visit your local police station and request
that they submit your details to the register. You will have to complete a police report and form before your
details will be placed on the register. Your details will be kept strictly conﬁdential and provided only to those
agencies with permission to access the register. If you would like more information about the register call
(02) 6243 6666.
COMBATING PHISHING TIPS
Keep anti-virus, anti-spam and other computer security software up to date
Never email anyone your online account details (username and password) – sharing this information is
similar to giving out your ATM card and PIN
Use eBay’s tools to combat phishing, including:
1. spoof@eBay.com.au and firstname.lastname@example.org: if you are ever suspicious of an email you have received
from eBay or PayPal, forward it to these addresses and eBay or PayPal will confirm if it’s a legitimate
2. eBay Toolbar: download the eBay Toolbar featuring Account Guard. It’s free to download and helps
make sure you are on a legitimate eBay site. The Account Guard turns green if you are on a legitimate
eBay website and red when you need to exercise caution
3. My Messages: a message inbox in My eBay where messages originating from eBay systems can be
checked. If it concerns your eBay account, it’s in My Messages
ACCOUNT SECURITY TIPS
Keep separate passwords for each online account
Use a password which is difficult to guess. A random combination of letters and numbers is best
Keep computer security software up to date
Never email anyone your online account details (username and password)
Check online account statements regularly
If you think your eBay account has been taken over, contact Live Help: www.ebay.com.au/accounthelp
If you think your PayPal account has been taken over, contact the PayPal Customer Service Centre
on 1800 073 263
HOW CAN I SECURE MY COMPUTER AT HOME?
The following information has been supplied by AusCERT, Australia’s national Computer Emergency Response
Team. AusCERT provides independent computer attack prevention, response and mitigation advice to
Australian organisations and users that connect to the Internet.
AusCERT recommends applying all these steps to provide the best protection when connecting your computer
to the Internet. Following just one or two steps is akin to locking the front door and back door to your home
but keeping all your windows wide open.
1. KEEP YOUR OPERATING SYSTEM AND OTHER SOFTWARE UP TO DATE
Defects in software are discovered all the time, so it is important to keep your system up to date and
Configure your PC to do automatic software patch updates. This will make the task of keeping software
up to date as easy as possible
Patches should also be applied for your operating system email applications, all browser applications
(such as Microsoft Internet Explorer), and other software in common use, eg: Microsoft Office applications
(Word, Excel, etc)
2. INSTALL A PERSONAL FIREWALL
Every home PC that connects to the internet should have
a personal (software) firewall. Configure it to allow only
essential in and outbound internet connections.
3. INSTALL ANTI-VIRUS AND ANTI-SPYWARE SOFTWARE
AND KEEP THEM UPDATED
Once installed, configure your anti-virus software so it
updates itself at least daily
Spyware scanners complement anti-virus software. They
detect and protect against a variety of programs that can
be secretly installed on your PC by attackers for malicious
Regard opening email attachments and clicking on web
links in unsolicited or suspicious emails as potentially
Schedule daily scans of your computer using anti-virus
software and anti-spyware software to identify whether
you have received malware which your anti-virus software
may not detect and quarantine at the time of entry
4. INSTALL SPAM FILTER SOFTWARE
Spam filters examine incoming email, and can determine
whether it is spam. It will then either block the email or
let it through
Spam filters will not successfully block spam all of the
time. Do not assume all emails delivered to your inbox
are legitimate and worthy of your complete trust, even if
they appear to be from known sources
5. TURN OFF INSECURE FEATURES IN YOUR PC’S BROWSER
Web browsers allow us to surf the web, access our email from anywhere in the world and shop online. It is
possible for attackers to write harmful web-based programs which will automatically be installed on your
PC if you connect to an attacker’s website with your PC’s browser
Different browsers use different security features. For example, Microsoft Internet Explorer’s security
features can be accessed and set via the Tools/Internet Options menu
Home users may prefer to configure their browsers to prompt before allowing these programs or scripts
Although anti-virus software can help protect your PC from most harmful web-based programs, it is still
recommended that you activate as many of the security features on your browser as possible, as antivirus
software will not detect all malicious code on the internet
6. SPECIAL TIPS FOR BROADBAND USERS
Broadband users should consider purchasing a combined broadband modem/router device in order to give
their PC a private network address. This way it cannot be directly reached via the internet and provides a
greater level of protection than a software-based personal firewall would on its own
By turning your PC off when not in use you will reduce the time available for attackers and malicious
programs to attack your computer and also reduce your power consumption
7. PERFORM DAY-TO-DAY TASKS UNDER A USER ACCOUNT WITH LIMITED/REDUCED
By using a limited-user account rather than an account with administrator-level privileges when accessing
email or browsing the web, you can inhibit the ability of some malware to infect your computer
Using an administrator account should be reserved for occasional use when you need to configure the
security features of your computer and install new software from sources you trust. Windows XP allows
the ability to create limited-user accounts
For further detail about any of these matters see: Protecting your computer from malicious code at
WHERE ELSE CAN I TURN FOR ADVICE?
Reporting matters to police and consumer affairs agencies
eBay’s experience is that most suspected fraud is actually miscommunication between buyers and sellers.
Follow our “What should I do if something goes wrong” advice on (page 20). If this does not work, report your
suspicions to the police in the jurisdiction where you think the offender lives (eg: if you live in Melbourne and
you think the offender lives in Sydney, report the incident to the New South Wales Police).
If your complaint involves a business, consider also reporting the matter to the consumer affairs agency in the
jurisdiction where you think the seller lives.
eBay works closely with law enforcement and consumer affairs agencies all around the world. We encourage
those agencies to directly contact the eBay Australia team by sending an email from their government email
address to email@example.com
When Bad Things Happen to Your Good Name brochure:
Australian Competition and Consumer Commission
Department of Communications, Information Technology and the Arts
Internet Industry Association security portal for advice to small businesses online
IT security threats
National incident reporting service
Australian Communications & Media Authority
eBay recommends you download the SpamMATTERS spam reporting tool:
Australian Securities and Investments Commission
HOW TO BUY A CAR SAFELY ON EBAY MOTORS AUSTRALIA
1. Check the car’s value and determine how much you want to pay. Search for the car model you
are considering buying by using eBay’s Completed Listings in Advanced Search, which allows you to view
recently sold items. This will help you get an idea of how much a similar model has sold for recently on
2. Check if the car is covered by eBay’s Vehicle Purchase Protection. it may provide up to $20,000
of cover in the unlikely event something goes wrong (see www.ebay.com.au/vpp.html for more
3. Get to know your seller. read the description and review the pictures closely, check the seller’s feedback
rating and ask questions about the car. If there’s inadequate information, ask for more. If you are in the
same area as the seller, ask for a test drive just like you would when buying a car elsewhere. If you do meet
the seller prior to the sale, be sure to complete the transaction on eBay or you won’t be covered by the
Vehicle Purchase Protection program
4. Use independent third parties for further research. If you can’t do a test drive personally, you can
use an authorised vehicle inspection service (www.eBay.com.au/motors/vehicle-inspections.html) to
check out the car on your behalf. You can also conduct a vehicle history check by visiting (www.eBay.com.
au/vehiclecheck.html) to learn more about a particular vehicle and to ensure there is no finance owing
5. Consider Auction, Buy It Now and Best Offer. There are three easy ways to buy a car on eBay:
AUCTION – our traditional auction format, excellent for getting the best price for a car
BUY IT NOW – our fixed price format that allows you to buy the car immediately at the price set by the seller
BEST OFFER – a feature that gives you the opportunity to negotiate the price online
EIGHT ESSENTIALS TO REMEMBER ABOUT ONLINE SHOPPING:
1. If an offer sounds too good to be true, it probably is
2. Before buying online, check to make sure your purchase is covered if something goes wrong
3. Sending payments via PayPal allows you to shop online without sharing your bank account and credit
card details. It also has a buyer protection program
4. Never pay with Western Union, MoneyGram or other instant wire transfer services
5. Treat Second Chance Offers with suspicion
6. Protecting your identity offline is just as important as protecting it online
7. Treat with suspicion any email asking for account names, passwords or financial information
8. Keep your computer protected with up-to-date IT security software, use sensible passwords and never
share them with anyone