Trade Me hacks me off, says shopper

A Rotorua man is at war with Trade Me over the website's claims that computer "hackers" cannot rip its customers off.

Darryl Wilson claims a computer hacker raided his Trade Me account, took his credit card details and stole $543.

However, Trade Me says its database cannot be hacked into from an outside source, and that Mr Wilson was duped in a scam which enticed him to supply his credit card details to a fake Trade Me website.

Mr Wilson is adamant he did no such thing. A computer security expert has added fuel to the debate by saying no website can claim it is is impenetrable to computer hackers.

"They hacked into my Trade Me site ... changed my email address then loaded a whole lot of stuff there for sale then used my [credit card]," Mr Wilson said. The fraudster used Mr Wilson's card to pay $543 in sale fees.

However, Trade Me sayd Mr Wilson's account was "phished" after a fake spam email was sent to him with a link to a bogus Trade Me website. Trade Me manager of trust and safety Dean Winter said customers who clicked the link were directed to a fake site asking for Trade Me login details. This enabled the phisher to log on to the genuine site.

Mr Winter said Trade Me had recently shut down a phisher from America and contacted the buyers of fake items the phisher had sold.

The Trade Me website was "absolutely not" hacked and was very safe.

"Out of all the transactions that go well on Trade Me, there is a very minor fraction that don't," said Mr Winter.

University of Otago's Information Science associate professor Dr Henry Wolfe said no site was "unhackable".

A computer security specialist, he said hackers' skills advanced in line with improvements in computer safety and they needed to find only one flaw in a website's security to gain access to information on it.

"There are some very clever hackers out there."

EBay, a major online auction site with millions of customers, was hacked into a couple of years ago.

The hacker stole thousands of dollars after posting fake items for sale under customers' accounts.

Dr Wolfe said phishing was one way fraudsters could get hold of customer details but they could also take over computers and the information stored on them by opening an active email or downloading software. Even if computers had anti-virus programmes installed, machines could be taken over without the owner knowing.

Dr Wolfe said Mr Wilson's experience underlined the need for internet users to be aware of security risks.

"I think people are ignorant because they don't have the knowledge of what the risks are."

He urged users to install anti-virus protection programmes, good fire wall protectors and anti-advert and anti-spam programmes.

Another way for users to protect themselves was to have two computers. The primary computer could hold personal details, and by not using the internet through that computer, the information could not be accessed by hackers, he said.