Info@NationalCyberSecurity
Info@NationalCyberSecurity

Trade Me’s cybersecurity ‘stuck in 2010’ as people continue to fall victim to scams, expert says | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware


Trade Me is “stuck in 2010” when it comes to cybersecurity and protecting its users from scams, an expert says.

For months, people using the online marketplace have been faced with scams, including long-time user Kent Maynard.

In September, he purchased an item for $470 with the money coming out of his account instantly.

When the same item was re-listed that afternoon, he tried to get in touch with the seller and received no response.

Maynard contacted his bank, Westpac, that day and was told there was a three-hour payment clearing window and the funds were gone.

Stuff

New AI-powered chatbots are creating new tools for cyber criminals, Norton Antivirus’ systems engineer Dean Williams says.

A police investigation found the money had been paid into an account with global currency transfer company Wise, meaning it would have gone offshore and the police had no authority to investigate further.

Westpac advised Maynard to contact ANZ, as they provided bank accounts for Wise. ANZ was unable to help.

Maynard was only able to get his money refunded after Westpac failed to follow its internal policy requiring customers who have been scammed to be immediately referred to its fraud team.

“This very unusual and we will certainly address this isolated incident. Accordingly, it is only right that we reimburse you for the service failure on our part,” Maynard was told.

Maynard said both Trade Me and banks needed to do more to protect their users.

Cert NZ manager of threat and incident response, Jordan Heersping, said it could not provide the number for complaints relating to a specific website.

However, from January 1 to June 30 this year, the government cyber-security agency received reports of 643 incidents where someone was scammed when buying, selling or donating goods online.

Co-chief executive of cybersecurity company DarkScope, Joerg Buss, says Trade Me was stuck in 2010 when it comes to cybersecurity.

SUPPLIED

Co-chief executive of cybersecurity company DarkScope, Joerg Buss, says Trade Me was stuck in 2010 when it comes to cybersecurity.

James Ryan ,Trade Me policy and compliance manager, said cybercrime was increasing across the world and Trade Me was not immune to this.

“However, we have a whole team of people based right here in Aotearoa who are dedicated to protecting our members.”

For security reasons, he could not go into detail about the potential systems and processes it had in place to protect consumers on the site.

Instead, he recommended customers used Ping, its instant payment option, so they were covered by its buyer protection policy.

His advice also included never sending or handing over items until you have received the money, updating passwords regularly, being aware of phishing emails and reporting any suspicious behaviour.

“We also work with the police to protect our community and hold people accountable. This could include helping members contact the police when a trade goes wrong, or helping the police track down bad agents by formally sharing account information to assist with the investigation.”

But co-chief executive of cybersecurity company DarkScope, Joerg Buss, said Trade Me could and should do more to protect its customers and become more proactive.

“From a security feature and development point of view, they are still in 2010 and not 2023.”

The password requirement for an account was only eight characters, there was no multi-factor authorisation option and users had the ability to freely choose their location to make them appear in the country when they are not, he said.

“For years, it seems to me that Trade Me has been optimising its backend to be more efficient to sell more items through its platform, but user security was not part of this development.

“They have implemented new ways for how a seller can sell items more easily and, with Ping, they created a way to make buying items more easy. However, I doubt that user security was part of the reason why they introduced it.

In the first six months of this year, government cyber-security agency Cert NZ received 643 reports of people being scammed when buying, selling or donating goods online.

Supplied/Stuff

In the first six months of this year, government cyber-security agency Cert NZ received 643 reports of people being scammed when buying, selling or donating goods online.

“A business like Trade Me should be more proactive and provide users with all modern ways to secure their accounts and even push those technologies and make them mandatory.”

Consumer NZ campaigns manager Jessica Walker said the watchdog believed platforms, such as Trade Me, had as much of a responsibility to prevent scams as banks.

“Trade Me, Facebook Marketplace and similar trading platforms are regular vectors for fraud, like non-delivery of items, and scams too, like fake adverts.

“While Trade Me and other such platforms have dedicated teams to stop scams and fraud, ultimately they rely on trust, if someone is out to scam you, then there is little these sites can do.

“Trade Me has traditionally worked closely with the police to follow up on fraud if the offender is in New Zealand. When an offender is offshore, there is little if any recourse for the person who has been scammed.”

——————————————————-


Click Here For The Original Source.

National Cyber Security

FREE
VIEW