I may work in retail, but I’m certainly not a sucker for retail prices. So recently I purchased some merchandise on everybody’s favorite auction site, and got an unexpected surprise in the mail.

I needed a 2GB SD card for my video camera - 1GB just doesn’t work for 640×480 video. So I went to eBay and bid on a few cards. I found a relatively reputable seller (by eBay standards) offering some 2GB SD cards for $13 a pop. I happened to win one of those cards, and happily Paypalled the proper amount. I’ve bought some eBay electronics from Hong Kong-based sellers before, so I did not think much of it.

The card arrived yesterday, and was surprisingly legit (I had figured on it being a relabeled knock-off). So I popped the card into my card-reader and plugged it into my iMac. I planned to simply get info on it and make sure it was 2GB as advertised, but accidentally double-clicked it instead. When what to my wondering eyes should appear, a Windows autorun with some trojans and spyware. I laughed about it, and quickly ran disk utility to format it, but then as the seriousness of the matter occurred to me, I began wishing I had taken some screenshots.

I started watching the seller’s activity as dozens and dozens of these inexpensive SD cards churned through his feedback. Say only 1 in 10 pops that sucker in their computer and 1 in 10 of those gets infected… That’s potential for a TON of infections over the course of a few months. Even better, poor people like me can’t do a single thing about it. Complain to eBay? They wouldn’t do anything. Complain to the seller? He’s got my name/address info. All I can do is get the word out and hope somebody notices.

This made me think about our own store and its somewhat shady practices. As a coworker pointed out, it’s policy to resell anything that comes back in “like new” condition. Anyone could purchase a thumb drive, SD card, or even a router and load it up with viruses or hacked firmware and it would most likely be resold to the next customer who walks through the door.

None of this had ever occurred to me before, and I’m thankful I’m on a (currently) less vulnerable system than Windows. I would have popped it into a PC without even considering the possibility, and I’m sure others already have.

Of course retail doesn’t have to be the answer, places like Tigerdirect will get you safe products at low prices as well.

I never cease to be amazed at the ingenuity of identity thieves and zombie collectors, and I have to hand it to them — they’re generally a step ahead. A step behind is not a good place to be.

Shop safe,
Brandon