As covered in Part I, eBay's success makes it a huge bullseye in cyberspace. This grim reality can be countered, and the threat defused, with common-sense precautions and modest effort.
Phishing in eBay's Ocean
The first and surest rule of self-preservation on eBay and its related sites is to never click on a hyperlink in an eBay or PayPal e-mail. Once you do this with a spoof mail, the hijacker can, at the least, harvest your e-mail address. If you fill in the fields requesting passwords and other sensitive data on a fraudulent Web site, your account, and possibly your identity, may be hijacked. If eBay and PayPal did not use hyperlinks in their legitimate e-mails, this would not pose much of a problem — but they do, and they are not likely to stop the practice.
The majority of eBay and PayPal e-mails are promotional pitches. But some of these offer "discount days" for listings and other features that are useful to sellers, as well as important communications such as fraud alerts, changes in policy, or personal account issues that must be addressed.
A safe alternative for those with spam-filtering or account problems, or who simply want to read all eBay missives, is to log into eBay via the "My eBay" link at the top of the site map or any auction page. Selecting the "My Messages" link on the left sidebar leads to all legitimate e-mails sent by eBay. The messages can be deleted, cleaning the inbox. While this process does not offer the instant gratification of clicking on a link, it is the safest means of reading everything eBay has to say to you.
If you wish to live dangerously, or you cannot control your curiosity, eBay now offers Windows users a free toolbar that flashes a warning when it believes a browser is pointed towards a fraudulent Web site. Named "Web Caller ID," the utility uses a behavioral detection mode that checks Web sites for long or convoluted URLs or recently registered domains. When catching a spoof site, the tool blocks a user's browser from the site.
To download the toolbar, go to the "Services" link at the top of any eBay auction page and scroll down in "Tools" to "eBay Downloads." The toolbar also links your desktop to the eBay site and can be used for searches on the site.
PayPal Issues for Buyers & Sellers
At this point, PayPal phishing attempts are nearly as prevalent as those targeting eBayers, but given that PayPal accounts are frequently linked to bank accounts, the stakes can be higher.
A hijacked PayPal account can make your money or goods disappear instantly, with little to no chance of recovery. PayPal does offer up to a $500 fraud refund to "qualified buyers," but the proverbial ounce of prevention can save you from this grief process.
PayPal's "Fraud Prevention Tips," and good sense, dictate several precautions before paying anyone through the service:
- Check the seller's feedback. If the seller has a history of negative feedbacks, think twice before placing a bid. Use extra caution if the seller is new, with few feedbacks.
- Make certain the seller is a "Verified" member of PayPal and has been a PayPal member for at least several months. To check a seller's status, go to the "Send Money" tab and start a payment to the seller. On the "Check the details of your payment" page, before the payment is sent, click on the seller's reputation link, for instance, "Verified Premier Member." Click on the link to find more information on the seller's current membership status.
- Do not send PayPal payment to any seller who claims to be "having problems." Avoid anyone who claims their PayPal account is not working and wants you to send payment through "a friend's" PayPal account or via an alternate form of payment, such as Western Union or electronic funds transfer through a bank. Do not complete the transaction and report the seller to eBay as a 'Non Selling Seller.'
- Do not pay sellers with greatly delayed shipment dates. PayPal rules prohibit sellers from shipping 20 or more days after receiving payment. In fact, if a shipment is to be delayed more than a week after payment is received, the seller should have a very good reason; otherwise, be suspicious.
- If it seems too good to be true...it probably is. Be wary of sellers who offer far below market prices on hard-to-find items, or who seem to have many of the same scarce items.
- Use extra caution on high-ticket, popular items. These are the favorites of scammers.
- When in doubt, send an e-mail. In any dubious situation, it is wise to e-mail questions to a seller before placing a bid, particularly regarding payment and shipment terms. If a seller is offering multiples of popular or difficult-to-find items, ask for and check the legitimacy of his supplier. If the seller says, 'No way, scram,' do just that.
The Mutating Phish
Phishes are mutating germs, quick to adapt to preventive measures. Rather than account suspension threats, some recent phishes use warnings. A spoof e-mail I received in early April mimics a legitimate PayPal security e-mail but with this header: "You have added a new e-mail address to your PayPal account." The e-mail text continues, "if you did not authorize this change contact PayPal Customer Service at..." There follows a hyperlink only slightly dissimilar from the legitimate PayPal security link, and further advises, "NEVER give your password to anyone. ONLY Log in securely at" A second fraudulent hyperlink follows, again, only slightly dissimilar to the real PayPal link.
As with eBay, the only sure bulletproofing is to never click on a hyperlink in a PayPal e-mail. Instead, open a new browser and type in the PayPal URL, or use your Favorites to access the site.
A more direct threat to eBay sellers is thieves who pay for goods with hijacked PayPal accounts. A first precaution is to double-check PayPal e-mail payment notifications on the PayPal site — particularly with buyers who show few eBay feedbacks. Then check the buyer's PayPal registration history and status. If anything appears amiss, contact PayPal. This is not foolproof, as the victim may not yet know their account has been hijacked, but it is a viable first line of defense.
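The "only slightly dissimilar" hyperlinks described above, and the long-URL heuristic attributed to the eBay toolbar, can be checked mechanically; the sketch below is an added example, not code from eBay, PayPal or the toolbar. The trusted-domain list, the length threshold and every sample URL are assumptions constructed for illustration, and the toolbar's domain-age check is left out because it needs a registry lookup.

```python
from urllib.parse import urlsplit

# Assumptions: the real sites live under these registered domains.
TRUSTED = ("ebay.com", "paypal.com")
BRANDS = ("ebay", "paypal")
MAX_URL_LEN = 100  # assumed cut-off for a "long or convoluted" URL

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def classify_link(url):
    """Return (verdict, reasons) for one hyperlink taken from an e-mail."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        verdict = "trusted-domain"
    else:
        verdict = "unrelated"
        tokens = host.replace("-", ".").split(".")
        for brand in BRANDS:
            if any(t != brand and edit_distance(t, brand) <= 1 for t in tokens):
                reasons.append(f"label resembles '{brand}'")
            elif brand in tokens:
                reasons.append(f"'{brand}' used inside a foreign domain")
        if parts.username:  # http://www.paypal.com@other-host/ style link
            reasons.append("text before '@' is not the host")
        if reasons:
            verdict = "lookalike"
    if len(url) > MAX_URL_LEN:
        reasons.append("unusually long URL")
    return verdict, reasons

# Constructed sample links (reserved .example names and a documentation IP).
SAMPLES = [
    "https://www.paypal.com/us/home",
    "http://www.paypa1.example/cgi-bin/webscr",
    "http://paypal.com.account-check.example/login",
    "http://www.paypal.com@203.0.113.5/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", classify_link(link))
```

A "trusted-domain" verdict says only where the link points, not that the message is genuine, so the advice to type the address yourself still stands.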
Wi-Fi Precautions
Most Wi-Fi or wireless Internet connection problems stem from errors of omission. Nearly all Wi-Fi routers come with security features that change the system's default settings, conceal the connection from others, require passwords for network access, and encrypt the data sent over it. The problem is that many Wi-Fi users fail to secure the system with these features.
"To some degree, most consumers are intimidated by the technology," claims Roberta Wiggins, a wireless analyst at the Yankee Group, a technology research firm.
SBC, the top provider of digital subscriber line (DSL) connections, sends out its routers with encryption turned on by default. But SBC accounts for only about 10 percent of routers in use; most other users must secure their own systems. Failure to do so allows anyone with a Wi-Fi-enabled computer to tap into an unsuspecting user's base station from within 200 feet, and, with advanced antennas, up to a quarter-mile away. It is wise to work through the procedures necessary to activate a Wi-Fi system's security features before using it.
Even with a secured home system, there are Wi-Fi perils on the road. Wi-Fi connections are widely offered in coffee shops across the nation. Large national chains such as Starbucks take steps to protect their networks, but smaller coffee shops often leave their connections wide open. It is best to enquire about security before using a Wi-Fi connection in a retail store or hotel. Also, use caution at institutions such as college campuses or any location that does not monitor users.