Auction and trade fraud
Online auction fraud is one of the most commonly reported cases of Internet fraud. In the business of auction and trade fraud, the seller attempts to scam the buyer by providing him fraudulent misrepresentation about the product. He manipulates the auctions or does not deliver the product after it is paid. The other way round is also possible, when the buyer tries to scam the seller. Auction and trade fraud is one of the biggest incidents in cyber criminality regarding the number of user complaints. According to the FBI in 2008, the non-delivery of goods accounts for 32,9% and auction fraud for 25,5% of user complaints. This and the fast growing market volume of online trading imply that it is substantial to identify the given threat scenarios and the respective countermeasures. In the following section, specific threats scenario and prevention approaches in two (sub)cases are considered: (i) the seller wants to scam the buyer (ii) the seller is scammed.
The most common case is where the seller wants to scam the buyer. Several scenarios can take place from the seller perspective. Table 2 summarizes the three main scenarios, the possible threats/attacks and available countermeasures.
Threat Scenarios related attacks | Prevention approaches |
Dummy bidders |
– User verification – Captcha queries |
Withholding of goods |
– Payment system with dispute of charges – Trustees – Smart contracts – Sellers in his own country or country with trade laws – User verification |
Misrepresentation |
– Trustee – Feedback distribution – Product on other sites |
In the next subsections each threat scenario the related countermeasure is described in more details.
Dummy bidders scenario and related Prevention approaches
In this scenario, one option for the seller is to outbid the buyer by dummy bidders. This can be achieved with multiple manually managed fake accounts or (in a more professional way) with bots. The accounts that are under seller control try to boost the price by overbidding the buyer who gets the impression that the item he is bidding on is more valuable because of the big interest by the dummies. When the scam fails and one of the dummy bidders wins the auction the seller has no loss, because he just has to buy the item himself. From the users’ perspective these illegal actions are hard or impossible to detect. Possible countermeasures can only be achieved by the trading platform. In this context possible prevention approaches can be based on:
- user verification on the platform. This ensures a higher level of security, but it also means a higher effort and registration delay for the users; this could be a competition deficit for the trading platform.
- the implementation of captcha queries, that is, a type of “challenge-response” test that is used in computing to determine whether or not the user is human. Even if captchas are considered to be solvable by bots, this easy method increases the necessary effort to develop trading bots for the seller.
Withholding of goods scenario and related prevention approaches
In this scenario, in order to scam the buyer, the seller can also use a much easier option, which is the withholding of goods after the payment. Because the high possibility of getting his account blocked after the scam, the seller has to frequently change his fake accounts. Here the buyer has a variety of options to avoid this scam. First he should use a payment system like credit card or other system that allow the dispute of charges. The problem here is that this payment method increases the uncertainty for the seller, who cannot be sure whether he receives the payment.
A better but more expensive way is the use of trustees, who receive and keep the payment until buyer and seller confirm the successful exchange of the goods. After the confirmation the trustee forwards the payment to the seller. The trustee can be represented by the trading platform or a third party. One disadvantage of human trustees is the validation of their credibility. Furthermorre, they have the opportunity to scam you too. One fairly new opportunity for trustees with human involvement are so-called smart contracts. This new technology is part of crypto-currencies like Bitcoins and Ethereum and supports the execution of a code which is verified by the P2P network. This code can manage crypto wallets and the cash stored on them, which can be used to send money to the seller when both parties have confirmed the trade, just like a normal trustee (Juels, Kosba, and Shi 2016). With increasing popularity and acceptance of crypto-currencies, this could be a good way to handle transactions without the need of individual intermediaries.
A second option for the buyer to reduce the risk to get scammed by the seller is to buy from sellers in his own country or from countries that have common trade laws or some partnership in law enforcement as its present inside the European Union. By this, the chance of a successful persecution of the seller is increased. User verification is an option as well especially for sellers, but the buyer can also rely on ratings provided for the seller and the feedback from other users on the respective product. The problem here is that this information can also be manipulated by dummy bots, bought or faked comments and fake accounts under control of the seller.
Misrepresentation scenario and related Prevention approaches
In this scenario, misrepresentation of information can be used to simply boost or overrate the price of a given product. Comment and rating sections can be manipulated, but also the information about the product. Here the description of the listed defects and features can be glossed as well as product pictures.
For this scenario the countermeasures are kind of similar to those presented in the previous sections. The security can be enhanced by a trustee system, which ensures that the payment is only executed when both participants are satisfied with the trade. Feedback-based mechanisms and especially the feedback distribution is helpful, because a product with many positive and many negative comments can be a warning sign and, when buying new products on a particular website, a preliminary investigation of the product on other websites can be useful as well.
Even if most internet auction fraud is focused on the sellers, in this second case the opposite perspective is considered. In particular, here the buyer wants to scam the seller. For this case, four threat scenarios are identified. Table 3 summarizes the four main scenarios as well as available countermeasures, which are described with more details in the next subsections.
Threat Scenarios related attacks | Prevention approaches |
Low bid/high bid/not pay |
– User verification – Trustee |
Not pay goods |
– Shipping warranty – Trustee |
Switch and return | – Serial number store |
Feedback Extortion | – Legal actions |
Low bid/high bid/not pay scenario and related prevention approaches
Like the seller in the examples listed above, in this scenario, the buyer can manipulate auctions, too. He can place a low bid followed by a very high bid with another account. After the auction is finished, the account with the high bid refuses to pay and so the seller is forced to repeat the auction or, what is desired, to give the product to the second highest bid, which is the same buyer (Government of Canada 2017). The user can prevent other bidders from participation in the auction by this method, which lowers the price competition. The risk of this scam can be prevented by user verification. This prevents one buyer from registration on two accounts and simplifies the legal actions, when the buyer does not pay for a binding bid. Furthermore, the employment of a trustee system is possible, where a user can only bid when he has given the trustee sufficient money, which he gets back when he does not win the auction.
Not pay goods scenario and related prevention approaches
In this scenario, the buyer does not pay for delivered goods or claims that he has not received the item (Rampen 2017). Both can be prevented by the seller when the shipped merchandise is covered by warranty (Internet Auction Fraud 2017) which has the downside that it makes the product more expensive which can be a problem for products in the lower price segments. Also trustee mechanisms, represent a viable approach to improve the security in this context.
Switch and return scenario and related prevention approaches
Switch and return is a method where the buyer has a broken or malfunctioning product without warranty. Based on that, he orders a new version of his device, exchanges the broken and the new one and sends the broken version back, claiming that the product came broken and that it should be replaced or refunded (Rampen 2017). A good countermeasure for that is the storing of the serial numbers by the buyer.
Feedback Extortion scenario and related prevention approaches
In this scenario, the buyer receives the product regularly but denies paying the money for the delivered good and wants to get his money back or tries to get a discount. He tries to achieve that by blackmailing the seller with negative feedback on the product. Because positive feedback is crucial for the seller, he is very vulnerable at this point. The only way for the seller is to take legal actions against the buyer.