ATO Reactive Training 1st Level Jasmin Kazi 10.08

Upload: naomi-bailey

Post on 14-Dec-2015


ATO Reactive Training 1st Level

Jasmin Kazi 10.08


eBay Inc. confidential

Agenda

• ATO Definition

• How ATO happens

• Levels of ATO

• Action taken by eBay

• ATO Suspension

• Other tracking issues


How do takeovers happen?

• Spoof/Phishing

• Password not secure

• Compromised email

• Virus, Trojans, Keystroke-Loggers


SPOOF / PHISHING


Spoof example 6 / Account Takeover



Password Security


Compromised Email

Once the email address is compromised, the hacker can:

• Change the eBay password

• Forward the emails received to an unauthorized person

• Send emails from this address to offer nonexistent items


Viruses, Trojans, Keystroke-Loggers

To avoid viruses, trojans or keystroke loggers:

• Use an anti-virus

• Update the anti-virus

• Use a firewall

• Scan your PC often.


Tools

Investigation: Suspect IP, Suspicious activities, Suspicious profile

Tool:

• LVIS: Listing Violation Inspection System

• SHATO: SH/ATO Referral Form


…..any questions??????


The ATO Types


The ATO levels

1. Compromised Accounts

2. No Activity ATO

3. Bidding ATO

4. Selling ATO

5. Spam ATO


Compromised Accounts

An account is compromised when a 3rd party was able to access the account but nothing has been changed.

This can be detected by our system through the IP address.

Action taken by eBay:

Randomize PW, email to user to reset the PW

Macnote: restore no contact

Issue 1 dropped automatically


ATO no activity / inactive

ATO no activity happens when a 3rd party accesses the account and changes some account details (e.g. PW, email address, etc.)

Action taken by eBay:

Randomize PW + restore old details

Self-remedy issue 34 opened by ATO: email sent with the steps for the user to follow in order to proceed with verification (PIN code)

Issue blocks activity until the verification is done: issue closed automatically


ISSUE 34 (Self remedy)


ATO Selling

A third party hacked the account in order to list (nonexistent) items and get the money

Action taken by eBay:

Randomize PW + restore old details

Remove listings/FB/credit fees etc.

Issue 12: email sent requesting identity verification. In this case the member needs to contact CS.

For EEC: POI/POA

Issue blocks activity until the verification is done: issue closed by CS


ATO Bidding/ Buying

A third party hacked the account in order to buy items (with fraudulent payment methods)

Action taken by eBay:

Randomize PW + restore old details

Remove bids/remove UPI strikes etc.

Issue 12: email sent requesting identity verification. In this case the member needs to contact CS.

For EEC: POI/POA

Issue blocks activity until the verification is done: issue closed by CS


ATO Spam

A third party hacked the account in order to send some spam emails

Action taken by eBay:

Randomize PW + restore old details

Issue 12 opened by ATO: email sent requesting identity verification. In this case the member needs to contact CS.

For EEC: POI/POA

Issue blocks activity until the verification is done: issue closed by CS


ISSUE 12


…..any questions??????


Dormant Account: issue 56 / ATO suspension

• In order to protect dormant accounts from becoming victims of ATO, the system detects accounts with no activity for more than 12 months

• An issue 56 will be automatically dropped for tracking purposes, and then the account might be suspended for ATO

• Member receives an email explaining how to regain access to the account: POI/POA


Other Issues

Issues for tracking purposes only:

• Issue 21: flags IP address from Romania

• Issue 22: suspicious sign in (different countries)


ISSUE 21


…..any questions??????


When will users contact us?

ATO situations

I think someone uses my account….

Items have been sold on my account but it was not me……

I've never bid on this item…..

Can't access my account……

Action we need to take:

Verify selling/buying activity (type of items, when it happened)

Less than 30 days: open a SHATO Report

More than 30 days: reassign case to C.M.