WTF? eBay says I can’t charge more than $3 to ship an item in the DVD category. I’m selling a 2-pound boxed set. The cheapest USPS rate is $3.16 for media mail. I appreciate the effort to prevent sellers from overcharging for shipping, and $3 leaves plenty of room for most DVDs…but apparently it hasn’t occurred to them that people might be selling larger boxed sets.

Anyway, I’m selling some Farscape DVDs on eBay. The auctions end Sunday, November 29.

I’ve had parts of this in draft form for at least 2 years. Last night, while brushing my teeth, I decided to pick it up with a new approach. This morning, I jotted down a couple of notes. And earlier this evening I saw Comics Should Be Good’s post, Where do you buy your comics?—and realized the time had come to actually finish the darn thing.

How I searched for back issues of comics in…

1988:

  1. Look at the local comic store.
  2. Wait for a convention that my parents were going to.

1998:

  1. Look at the local comic store.
  2. Drive around to other stores.
  3. Save up for San Diego Comic-Con.
  4. Look on this new site called eBay.

2008:

  1. Look at a couple of local comic stores.
  2. Look on eBay and Mile High Comics (singles)
  3. Look on eBay and Amazon (for trades & hardcovers)
  4. Look at a convention.
  5. Look for other sources on the net.

Two main things have changed: mobility (I couldn’t drive when I was 12) and the web. Continue reading

Someone I know encountered a really sneaky eBay phish this weekend. It arrived through eBay’s official “Ask seller a question” system, and consisted of a simple request: Was his auction the same as the auction at the following About Me page?

The URL was a normal eBay URL of the form http://members.ebay.com/aboutme/_____. Pasting the link into another browser brought up the user’s About Me page… which consisted of a spoofed eBay login form that would submit the username and password to a page hosted at Yahoo.

So it not only came through eBay’s official messaging system, but the form appeared on eBay’s own website, meaning it bypasses many of the usual cues. It’s not a secured page, but use of SSL for login pages is still spotty enough that a user could easily miss that. And how many people have noticed that eBay only puts login forms on signin.ebay.com? You have a slightly better chance if you have a browser like Opera, which shows you the target* of a form when you hover over a button. If you think to look at it. Continue reading

OK, I appreciate that eBay has a dedicated email address for reporting phishing attempts. I appreciate that their abuse department is a lot busier than I am, and therefore has to rely heavily on form letters. And I appreciate that they’re making an effort to educate the public on how to spot phishing and avoid getting caught.

But when I forward them a message with the comment, “Here’s a sample of a blatant phish,” is it really necessary to reply with the full two-page notice explaining, “This is a spoof, we didn’t send it, here’s how to avoid it, blah blah blah” and the entire body of the original message, complete with the links to the phishing site?

I’d think in this case a simple, “Thanks for the report, we’ve notified the authorities” note would be sufficient, especially since the “how to spot a phish” stuff is already in the auto-response. All it takes is giving their abuse staff an extra choice for the form letter.

And under no circumstances should they be including the full, original text of the phish. At best, it’s asking for the response to get lost in a spam box or blocked outright. At worst, it’s a security risk waiting to happen (since this copy really did come from eBay). Somewhere in the middle is the risk of mucking up adaptive filters as they try to reconcile the original message, which was spam, with the new message, which isn’t.

eBay must have some sort of blanket advertising deal with Google, because the “sponsored links” you get for some searches really don’t make any sense.

Case in point: I did a Google search for the phrase, “nigerian scam,” and saw the following ad:

Looking for Nigerian Scam? Find exactly what you want today

Wow, when they say, “Whatever it is, you can get it here.”—they really mean it! 😉

Interestingly, if you search for “419 scam,” you get the same type of ad, but not if you search for “advance fee fraud.”

I tried a few random search terms, and from what I can tell, eBay’s ad shows up on many—but not all—two-word searches. I’m not sure what the pattern is, but I can’t imagine someone at eBay deliberately asked to buy ad space for some of these phrases.

But in a show of accuracy, if you search for “random stuff,” you’ll find it!