Business Owners – Be Careful where you Sell End-of-Year Inventory

An online scammer recently tried to dupe the daughter of a Pearl Software employee.  The scammer was double-crossed, revealing his true country of origin, source IP and ISP.  The FBI is now involved.

For many small businesses, the lure of selling end-of-the-year inventory on eBay or Craigslist is tempting. The problem is that these sites can be littered with scammers looking for unprotected sellers that are not highly cautious during the holiday season. What follows are a
few of the biggest scams that can cost businesses serious money and aggravation.

A scam that often occurs during the holidays is fake buyers who will complete the purchasing process through PayPal for items from a small business. Once the honest seller sends the item, the scamming buyer files a dispute or chargeback with PayPal saying that he or she never received the merchandise. This is dangerous because, in most instances, PayPal will side with the buyer if the seller has failed to take precautions.

Account Hijacking is a problem that proliferates on eBay during the holidays. During the holiday rush, it can be easy to be lured to a seemingly great deal, allowing your password to fall into the hands of a scammer. Scammers will use your password to access your account in order to sell non-existent items to unsuspecting buyers. A business is left less the price of its purchase, which will never arrive.

A common Craigslist scam is when a business places an ad to sell some end-of-the-year merchandise and is contacted by a scammer who is interested. The scammer then sends a phony check for more than the item’s listed price. The scammer then contacts the business with some explanation, such as he or she accidentally wrote the check for the wrong amount, and asks for a check that covers the balance over the item amount. This is usually done over a slow buildup of trust and clever obfuscation.  Unaware that the buyer’s check is a fake, the seller deposits the phony check and sends the amount above the balance before the buyer’s check clears. In the end, the business is out the amount that it sent the phony buyer.

Small businesses run the risk of being scammed any time of year, but it becomes a bigger risk during the holidays. While avoiding using eBay and Craigslist for selling end-of-the-year merchandise can help protect your business during a season of heightened scamming, what about the rest of the year?

Take precautions such as using the eBay/PayPal Security Key, and be sure to follow all of their security measures. One of them is to never reply to or click on links in e-mails purportedly from eBay even when you are expecting them. Instead, log into “My eBay” to check correspondence and make any replies.

By regularly logging into eBay to check your account, you can see any activity that you did not authorize, which is the sign that the account has been hijacked. If it looks as though this is the case, immediately contact the eBay Security Center.

Never allow your browser to automatically enter your eBay or PayPal passwords, and above all, utilize robust web filters, antivirus and antispyware tools to help prevent infection by password-capturing Trojans and DNS hijacking. If employees have computer access, consider employee monitoring software to avoid data breaches of sensitive credit card information in your database.

Only send items to Confirmed PayPal addresses, and document each step of the sale by taking pictures of items prepared for shipping along with tracking numbers. Always keep the emails saying that the item was delivered, and follow-up with buyers after delivery of the items. If possible, try to get them to state in the email that the product was received and that they are satisfied. You can do this by asking your buyers to rate your transaction.

It can be difficult for small businesses to safeguard against Internet scammers when they are only focused on selling merchandise. By developing a proper buyer/seller protocol as well as implementing sophisticated tools to inhibit data breaches, businesses can benefit from selling online while minimizing the risks.

Posted in Cyber Security.