eBay, the global marketplace that has been eclipsed by Amazon in recent years, saw a resurgence in Q2 2020. Spurred by a seismic shift in consumer behavior, the rebirth of eBay included a 29 percent increase in gross merchandise value in Q2. In the same quarter, Vade detected a surge in eBay scams: a 54 percent increase in unique eBay phishing URLs that put eBay on the list of the 20 most impersonated brands in phishing in 2020.
COVID-19 upended every industry in 2020. Global lockdown and quarantine measures halted in-person shopping and resulted in resource scarcities not seen in a generation. Consumers rushed to e-commerce platforms to fill the empty retail space.
After five straight quarters of declining rates in the US, eBay reemerged in Q2 2020 with a 35 percent increase in gross merchandise value. Globally, eBay added eight million new active buyers in Q2. eBay responded to the shift with a series of actions designed to satisfy younger consumers, including releasing a dark mode feature and a host of socially conscious endeavors.
Amazon, whose 37 percent share of the market dwarfs eBay’s 4 percent share, won the e-commerce wars in 2020. eBay is no Amazon, but its upward trend in 2020 caught cybercriminals’ attention, sparking numerous types of eBay scams.
The PPE shortage of 2020 inspired scams across the globe. COVID-themed emails featuring advertisements for face masks and other PPE equipment began making the rounds in March. In April, PPE scams were being reported on eBay. Also in April, eBay removed 500,000 listings for fraudulent COVID-19 remedies.
In May, eBay users were reporting increases in refund requests, with scammers claiming their items were lost, damaged, or missing vital components. eBay users took to message boards to warn other users of the scams, many of them experiencing a hit to their reputations, in addition to their wallets, due to the onslaught of bogus refund requests.
As COVID-19 scams progressed, Vade detected a global increase in phishing emails, up from 16.3 million in March to 42.3 million in April. Around the same time, eBay phishing surged.
eBay, which did not make the list of the most impersonated brands of 2019, came in at #5 in 2020. In Q2, Vade detected 1,579 unique eBay phishing URLs. In Q3, the number of URLs increased to 2,424. A unique phishing URL refers only to the URL and not the number of phishing emails that include the URL, which can be in the hundreds to thousands.
An innovative eBay scam that emerged in 2020 involved used cars, motorcycles, and RVs. Across the US, buyers were duped into purchasing used vehicles—sight unseen—due to COVID-19. In the scam, the vehicles were advertised on eBay and Facebook Marketplace. After contacting the sellers, victims received eBay phishing emails instructing them to complete their purchases with eBay gift cards. The below example of an eBay phishing page captured by Vade in Q1 features a $2,000 purchase order for an RV.
Thousands of similar listings appeared on eBay in a single week in May, with many fraudulent listings being copies of legitimate advertisements. One fraudulent ad for a motorhome was reportedly viewed on eBay 45,000 times.
COVID-19 created a perfect storm that moved markets, leveled businesses, and in the case of eBay and other brands, led to an unexpected streak of good fortune. Cybercriminals watched the situation closely and exploited the situation to the fullest, targeting a number of high-profile brands and their users. To see the full list of the 20 most impersonated brands in phishing attacks and the phishing trends that defined the year, read our report, “Phishers’ Favorites 2020 Year-in-Review.”