Yahoo!, Amazon & eBay: Is Imitation Always Flattery?

It’s said that imitation is the sincerest form of flattery. If so, there are a lot of wet kisses being blown back and forth between the largest and best-known e-commerce companies.

Yahoo! (Nasdaq: YHOO) is the latest to dye its hair the same color as all the others. On Tuesday, the Internet portal unveiled a plan to integrate used items, closeout items and auctions into its existing shopping hub.

Sound familiar?

It should. (Nasdaq: AMZN) does it. Search for a book published more than a few weeks ago and you’ll get an offer to buy a used one instead of a new one.

And eBay (Nasdaq: EBAY) is actively working to do it better than anybody else, by merging and eBay into one big happy family, where virtually everything and anything can be bought, sold, bid on or haggled over.

X, Y and Zzzzzz

Now, it’s not impossible that the three amigos arrived at the same strategic business conclusion independently.

It makes sense, after all. If Customer X is looking for Product Y, X may not care if Y is new in the box or smelling faintly of mothballs. Why not cast as wide a net, offer as varied a menu as possible?

The only thing is, the decisions to forge this multi-tiered sales model haven’t exactly been reached simultaneously. In fact, the three have played a game of strategic hopscotch for a while now, and it’s getting nauseating to watch.

One by one they have all added e-commerce services, doing for others what they did for themselves. Keeping up with the Joneses is one thing; keeping up with two Joneses must be exhausting.

All Together Now

Yahoo!, Amazon and eBay share common visions and have tried to share employees, though things may be getting a bit too cozy in that department, judging from the lawsuits flying back and forth between eBay and Amazon.

But why shouldn’t they have an exchange program? They’re practically the same company — just with different balance sheets. In fact, it’s as if they’ve all put their money on the same horse in the same race — Newanduseditemsgalore to win the Derby.

Can they all win? Probably not — or at least not in the way they hope to. Remember, as more people bet on the same horse, their potential winnings go down. The pool has to be divided that many more times.

Choice? What Choice?

In all of this, though, unless hybrids are your thing, the real downside is for consumers.

Want to visit an online super-site that offers only new items for sale? Sorry. Want to visit a popular Web site that deals in auctions — and only in auctions? Out of luck.

I’m all for survival and I’m glad to see the battle being joined, the various combatants marching inexorably toward the center of the ring where they will shadow-box no more. Things are going to get interesting on the competition front.

But at the same time, they’re getting less interesting for us shoppers. The day will come when I’ve typed in a domain name, find myself on one of the sites, and realize after a while that I can’t tell where exactly I am. Did I type eBay or Amazon or Yahoo?

Before long, it might not matter.

What do you think? Let’s talk about it.

Note: The opinions expressed by our columnists are their own and do not necessarily reflect the views of the E-Commerce Times or its management.


  • I don’t agree with some of Keith’s points. For me, I don’t care if a site I visit offers new, used, or auction products as long as I can easily search for one or if the search results are grouped along those lines. If I’m looking at a particular book, I see it less for a used one, and I decide I’m only going to read it once, I’d be glad for the opportunity to pay less. If I don’t need it right away, I might even put a bid in for even less than the used price just to see if I could get it. Why not? I don’t see the downside to these choices.

    I’m sure that the three sites will keep the look of their sites plenty different so that people remember which site they’re on. I also firmly believe that one will probably succumb to the other two. That’s life in the big world.

    • Hi, so what do you think eBay’s next step would be?

      As I see it they have two alternatives.

      1. either merge yahoo or AM azon or both

      2. or pick up the fight with AM azon

      what do you think?

  • Sorry, I don’t buy into the sites becoming the same. I still, like most people, use Yahoo to explore, Amazon to buy new products, and eBay to look for old ones. Although each of these sites has delved into areas the other is strong in, most people use the sites for what they are known for. Amazon and yahoo don’t have half the auctions eBay does, and eBay and yahoo don’t offer the vast inventory that Amazon does.

    And even if they are delving into the same areas, how does the consumer lose? By having competitive sites, we get better prices, more user functionality on sites, and different places to find the stuff we are looking for.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by Keith Regan
More in Cybercrime

E-commerce Times Channels

5 Cyber Safety Tips To Survive the Internet, Hackers and Scammers

Navigating the internet can be a trouble-filled journey. Bad actors intent on exploiting uninformed users are constantly lurking behind emails, websites, and social media invites. Even your Wi-Fi router and those now-ubiquitous QR codes can be danger points. Add to that, the never-ending virus and malware threats.

Computer and mobile device users are often unaware of the danger zones. However, the internet need not be a constant trip through the badlands. What it takes to stay protected online is knowing what to avoid and how to protect yourself.

Here are five things in your control to help keep your digital activity safe.

1. QR Codes, Handy but Potentially Harmful

QR Code for
A safe QR code for

These postage-size image links to websites can be convenient. Just point your smartphone camera at it and instantly go to a website, tech support location, discount offer on a purchase, or restaurant menu.

However, QR codes can also take you to a nefarious place where malware or worse is waiting. QR codes can be programmed to link to anything, putting your privacy and security at big risk.

Think before you scan a QR code. If the code is displayed on a website or printed document you trust, it is probably a safe. If not, or you are unsure, check it out.

You can download reputable QR reader apps that will perform a security check on the endpoint of the QR code’s destination. One such safety tool I use is the Trend Micro QR Scanner app, available for Android and iOS.

2. Avoid ‘Unsubscribe’ Email Scams

This is a popular ongoing scam that has a high success rate for hackers. Potential victims get an email for a product offer or other business invitation. The opt-out action step is enticing, looks familiar, and sounds reasonable. “Don’t want to receive our emails? Click here to unsubscribe,” it beckons.

Sometimes the annoying repeat emails ask if you want to unsubscribe from future emails. Some even offer you a link to cancel a subscription.

Do not select any options. Clicking on the links or replying confirms your active address.

Never input your email address in the “unsubscribe me” field, either. More senders will follow.

A better solution to deleting the unwanted email, especially from an unknown sender, is to mark it as spam. That moves it to the spam folder. You also can add that sender to your email program’s block list, or set up a filter to automatically delete it before it reaches your inbox.

Finally, check out the free service There you can unsubscribe from unwanted emails, keep others, or get the rest in a daily digest.

3. Lockout Facebook Hackers

Other villains try to usurp Facebook accounts. Hackers can change your password, email address, phone number, and even add a security code to lock you out of the pirated account. Before trouble happens, be proactive to prevent these situations. Facebook provides the following security settings you need to enable.

Enable two-factor authentication (2FA) to require your login approval on a separate device.

To do this, log in to your Facebook account on a desktop computer and navigate to Settings & privacy. Next, select Security and login. Then scroll down and edit the Two-factor authentication option. 

Facebook two-factor authentication settings

To complete this step, you must enter your Facebook password.

Activate these two additional features to block Facebook hackers:

  • Turn on the Code Generator feature in the Facebook mobile app
  • Set up login alerts to your email

First, open the Facebook mobile app and tap the magnifying glass, enter the term “code generator” and tap the search icon. Tap the result Code Generator to navigate to the next screen, then tap the button “Turn On Code Generator” to get a 6-digit code that changes every 30 seconds. You must enter this code within that short time span to login to your account on another device.

Next, set up alerts about unrecognized logins. You can do this from either a computer or a mobile device.

  • Computer: go to Settings & privacy > Settings > Security and login > Get alerts about unrecognized logins (see above screenshot).
  • Mobile app: tap Menu > Settings & privacy gear icon > Settings. Then tap Password and security. Next, scroll to Setting Up Extra Security > Get alerts about unrecognized logins > tap to select your preferred notification methods.

If you have trouble logging in, head to to fix the problem. If you are unable to login there, go to this Facebook help page instead and fill out the request form for Facebook to review your account. You will need to answer a few security questions to prove your identity. This might include providing proof of ID like a photo of a driver’s license.

4. Secure Your Wi-Fi Router

The flood of people working remotely since Covid put home Wi-Fi routers squarely in hackers’ target sights. As a result, malware attacks on home Wi-Fi networks are on the rise because residential setups often lack the level of security and protection that is found on enterprise networks.

One nasty attack tool, dubbed ZuoRAT, is a remote access trojan designed to hack into small office/home office routers. It can affect macOS, Windows, and Linux computers.

With it, hackers can collect your data and hijack any sites you visit while on your network. One of ZuroRAT’s worst factors is that once your router is infected, it can infect other routers to continue spreading the hackers’ access.

Apply these steps to better secure your home/office Wi-Fi network:

  • Be sure to enable WPA2 or WPA3 encryption on your routers. The default factory setting is often the outdated WEP (Wired Equivalent Privacy) security protocol, or none is set at all. Check the user manual or the router manufacturer’s website for directions.
  • Change your router’s SSID (Service Set Identifier) and password. This is critical. Typically, the factory setting shows the router’s make or model and has a universal password such as 0000 or 1234. Rename the SSID to not easily identify you. Avoid names that include, for example, all or parts of your name or address. Make sure the password is very strong.
  • For added protection, change the router’s password regularly. Yes, this is a big inconvenience because you also must update the password on all your devices that use that Wi-Fi network. But considering it will keep out hackers, it is well worth the hassle.
  • Keep the router’s firmware updated. Check the user manual and/or the manufacturer’s website for steps to download the latest updates.

How do I create a password that is hard to hack?

The strongest passwords have all these characteristics:

  • Lengthy — the more characters, the better
  • A mix of upper-case and lower-case letters, numerals, and special characters
  • No dictionary words or anything related to personal information

Pro Tip: When using a password generator, always change at least a few characters from the random result to create your final credentials.

5. Beware of Phony Tech Support Schemes

Some fraudsters call on the phone to tell you they are a tech support division working for a well-known computer or software company. The caller claims to be calling in response to an alert from your computer of a virus detection or malware on your device. The scammer offers to fix it if you simply provide your credit card number.

Hang up. Your computer is not infected.

A modified version of this tech support scam is a text or email claiming the same details. Do not reply. Just delete the message and move on.

You might also be browsing the web when a pop-up message crashes onto your screen. I have received very loud audio alerts warning me that my computer is at risk and not to turn it off without responding for help.

In all these cases, the scammers want to scare you to comply with their instructions. The action they want you to take to let them fix the alleged problem will hurt your bank account and possibly let them transmit real infections.

Follow these best practices to protect yourself from tech support fraud:

  • Never let a scammer con you into going to a website or clicking on a link.
  • Never agree to a remote connection by the so-called tech support agent that initiated contact to you.
  • Never give payment information in exchange for technical support you did not initiate. Legitimate tech companies will not call you and ask for payment to fix a problem they claim to have discovered on your device.

If you suspect your computer has a virus or malware problem, initiate contact with a repair center yourself. You probably already have a support plan or active warranty from where you purchased the computer. If you have not contacted a tech support company, the call or message you received is illegitimate.

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by Jack M. Germain
More in Security

Top Universities Exposing Students, Faculty and Staff to Email Crime

Nearly all the top 10 universities in the United States, United Kingdom, and Australia are putting their students, faculty and staff at risk of email compromise by failing to block attackers from spoofing the schools’ email domains.

According to a report released Tuesday by enterprise security company Proofpoint, universities in the United States are most at risk with the poorest levels of protection, followed by the United Kingdom, then Australia.

The report is based on an analysis of Domain-based Message Authentication, Reporting and Conformance (DMARC) records at the schools. DMARC is a nearly decade-old email validation protocol used to authenticate a sender’s domain before delivering an email message to its destination.

The protocol offers three levels of protection — monitor, quarantine, and the strongest level, reject. None of the top universities in any of the countries had the reject level of protection enabled, the report found.

“Higher education institutions hold masses of sensitive personal and financial data, perhaps more so than any industry outside healthcare,” Proofpoint Executive Vice President for Cybersecurity Strategy Ryan Kalember said in a statement.

“This, unfortunately, makes these institutions a highly attractive target for cybercriminals,” he continued. “The pandemic and rapid shift to remote learning has further heightened the cybersecurity challenges for tertiary education institutions and opened them up to significant risks from malicious email-based cyberattacks, such as phishing.”

Barriers to DMARC Adoption

Universities aren’t alone in poor DMARC implementation.

A recent analysis of 64 million domains globally by Red Sift, a London-based maker of an integrated email and brand protection platform, found that only 2.1 percent of the domains had implemented DMARC. Moreover, only 28% of all publicly traded companies in the world have fully implemented the protocol, while 41% enabled only the basic level of it.

There can be a number of reasons for an organization not adopting DMARC. “There can be a lack of awareness around the importance of implementing DMARC policies, as well as companies not being fully aware of how to get started on implementing the protocol,” explained Proofpoint Industries Solutions and Strategy Leader Ryan Witt.

“Additionally,” he continued, “a lack of government policy to mandate DMARC as a requirement could be a contributing factor.”

“Further,” he added, “with the pandemic and current economy, organizations may be struggling to transform their business model, so competing priorities and lack of resources are also likely factors.”

The technology can be challenging to set up, too. “It requires the ability to publish DNS records, which requires systems and network administration experience,” explained Craig Lurey, CTO and co-founder of Keeper Security, a provider of zero-trust and zero-knowledge cybersecurity software, in Chicago.

In addition, he told TechNewsWorld: “There are several layers of setup required for DMARC to be implemented correctly. It needs to be closely monitored during implementation of the policy and the rollout to ensure that valid email is not being blocked.”

No Bullet for Spoofing

Nicole Hoffman, a senior cyber threat intelligence analyst with Digital Shadows, a provider of digital risk protection solutions in San Francisco, agreed that implementing DMARC can be a daunting task. “If implemented incorrectly, it can break things and interrupt business operations,” she told TechNewsWorld.

“Some organizations hire third parties to help with implementation, but this requires financial resources that need to be approved,” she added.

She cautioned that DMARC will not protect against all types of email domain spoofing.

“If you receive an email that appears to be from Bob at Google, but the email actually originated from Yahoo mail, DMARC would detect this,” she explained. “However, if a threat actor registered a domain that closely resembles Google’s domain, such as Googl3, DMARC would not detect that.”

Unused domains can also be a way to evade DMARC. “Domains that are registered, but unused, are also at risk of email domain spoofing,” Lurey explained. “Even when organizations have DMARC implemented on their primary domain, failing to enable DMARC on unused domains makes them potential targets for spoofing.”

Universities’ Unique Challenges

Universities can have their own set of difficulties when it comes to implementing DMARC.

“A lot of times universities don’t have a centralized IT department,” Red Sift Senior Director of Global Channels Brian Westnedge told TechNewsWorld. “Each college has its own IT department operating in silos. That can make it a challenge to implement DMARC across the organization because everyone is doing something a little different with email.”

Witt added that the constantly changing student population at universities, combined with a culture of openness and information-sharing, can conflict with the rules and controls often needed to effectively protect the users and systems from attack and compromise.

Furthermore, he continued, many academic institutions have an associated health system, so they need to adhere to controls associated with a regulated industry.

Funding can also be an issue at universities, noted John Bambenek, principle threat hunter at Netenrich, a San Jose, Calif.-based IT and digital security operations company. “The biggest challenges to universities is low funding of security teams — if they have one — and low funding of IT teams in general,” he told TechNewsWorld.

“Universities don’t pay particularly well, so part of it is a knowledge gap,” he said.

“There is also a culture in many universities against implementing any policies that could impede research,” he added. “When I worked at a university 15 years ago, there were knock-down drag-out fights against mandatory antivirus on workstations.”

Expensive Problem

Mark Arnold, vice president for advisory services at Lares, an information security consulting firm in Denver, noted domain spoofing is a significant threat to organizations and the technique of choice of threat actors to impersonate businesses and employees.

“Organizational threat models should account for this prevalent threat,” he told TechNewsWorld. “Implementing DMARC allows organizations to filter and validate messages and help thwart phishing campaigns and other business email compromises.”

Business email compromise (BEC) is probably the most expensive problem in all of cybersecurity, maintained Witt. According to the FBI, $43 billion was lost to BEC thieves between June 2016 and December 2021.

“Most people don’t realize how extraordinarily easy it is to spoof an email,” Witt said. “Anyone can send a BEC email to an intended target, and it has a high probability of getting through, especially if the impersonated organization isn’t authenticating their email.”

“These messages often don’t include malicious links or attachments, sidestepping traditional security solutions that analyze messages for these traits,” he continued. “Instead, the emails are simply sent with text designed to con the victim into acting.”

“Domain spoofing, and its cousin typosquatting, are the lowest hanging fruit for cybercriminals,” Bambenek added. “If you can get people to click on your emails because it looks like it is coming from their own university, you get a higher click-through rate and by extension, more fraud losses, stolen credentials and successful cybercrime.”

“In recent years,” he said, “attackers have been stealing students’ financial aid refunds. There is big money to be made by criminals here.”

John P. Mello Jr.

John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News. Email John.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by John P. Mello Jr.
More in Cybercrime