ato reactive training 1st level jasmin kazi 10.08
TRANSCRIPT
ATO Reactive Training 1st Level
Jasmin Kazi 10.08
eBay Inc. confidential2
Agenda
• ATO Definition
• How ATO happens
• Levels of ATO
• Action taken by eBay
• ATO Suspension
• Other tracking issues
eBay Inc. confidential3
How Takeovers happen?
• Spoof/Phishing
• Password not secure
• Compromised email
• Virus, Trojans, Keystroke-Loggers
eBay Inc. confidential4
SPOOF / PHISHING
eBay Inc. confidential5
Spoof example 6 / Account Takeover
eBay Inc. confidential6
Spoof example 6 / Account Takeover
eBay Inc. confidential7
Password Security
eBay Inc. confidential8
Compromised Email
Once the email address is compromised the acker can:
• Change eBay password
• Forward the emails received to a non authorized person.
• Send emails from this address to offer inexistent items.
eBay Inc. confidential9
Viruses, Trojans, Keystroke-Loggers
To avoid virusestrojans or keystroke loggers
• Use an Anti-Virus
• Update the anti virus
• Use a firewall
• Scan your PC often.
eBay Inc. confidential10
Tools
Suspect IP Suspicious activities Suspicious profile
ToolInvestigation
LVIS
SHATO
Listing violation inspection System
SH/ATO Referral Form
eBay Inc. confidential11
…..any questions??????
eBay Inc. confidential12
The ATO Types
eBay Inc. confidential13
The ATO levels
1.Compromised Accounts
2.No Activity ATO
3.Bidding ATO
4.Selling ATO
5.Spam ATO
eBay Inc. confidential14
Compromised Accounts
An account si compromised when 3rd party was able to access the account but nothing has been changed.
This can be detected by our system through the IP address.
Action taken by eBay:
Randomize PW email to user to reset the PW
Macnote: restore no contact
Issue 1 dropped automatically
eBay Inc. confidential15
ATO no activity / inactif
ATO no activity happens when 3rd party access to the account and changes some account details (i.e. PW, email address etc)
Action taken by eBay:
Randomize PW + restore old details
Self remedy issue 34 open by ATO: email sent with the steps to follow by user in order to proceed with verification (PIN code)
Issue block activity until the verification is done: issue closed automatically
eBay Inc. confidential16
ISSUE 34 (Self remedy)
eBay Inc. confidential17
ATO Selling
A third party hacked the account in order to list items (inexistent) and get the money
Action taken by eBay:
Randomize PW + restore old details
Remove listings/FB/ credit fees etc
Issue 12: email sent requesting identity verification. In this case member needs to contact CS.
For EEC: POI/POA
Issue block activity until the verification is done: issue closed by CS
eBay Inc. confidential18
ATO Bidding/ Buying
A third party hacked the account in order to buy items (with fraudulent payment methods)
Action taken by eBay:
Randomize PW + restore old details
Remove bids/remove upi strikes etc
Issue 12: email sent requesting identity verification. In this case member needs to contact CS.
For EEC: POI/POA
Issue block activity until the verification is done: issue closed by CS
eBay Inc. confidential19
ATO Spam
A third party hacked the account in order to send some spam emails
Action taken by eBay:
Randomize PW + restore old details
Issue 12 open by ATO: email sent requesting identity verification. In this case member needs to contact CS.
For EEC: POI/POA
Issue block activity until the verification is done: issue closed by CS
eBay Inc. confidential20
ISSUE 12
eBay Inc. confidential21
…..any questions??????
eBay Inc. confidential22
Dormant Account: issue 56 / ATO suspension
• In order to protect dormant accounts from being victim of ATO, the system detects that no activity for +12 moths
• An issue 56 will be automatcally dropped for tracking purposes and then the account might be suspended for ATO
• Member receives an email to explain how to get access to the account again: POI/POA
eBay Inc. confidential23
Other Issues
Issue for tracking purposes only:Issue for tracking purposes only:
•Issue 21: flags IP address from RomaniaIssue 21: flags IP address from Romania
•Issue 22: suspicious sign in (different countries)Issue 22: suspicious sign in (different countries)
eBay Inc. confidential24
ISSUE 21
eBay Inc. confidential25
…..any questions??????
eBay Inc. confidential26
When users will contact us?
ATO situations
I think someone uses my account….
Items have been sold on my account but it was not me……
I‘ve never bid on this item…..
Can‘t access to my account……
Action we need to take:
Verify selling/buying activity (type of items, when happens)
Less 30 days: open a SHATO Report
More 30 days: reassign case to C.M.