PORTLAND, Ore. - Neil Williams is a self-described eBay junkie.

He checks the site at least once a day and has bought and sold thousands of dollars worth of goods on the popular online auction Web site.

So, as a savvy eBay user who thought he had seen all the scams, even Williams was surprised when he paid over $700 for a digital camera, only to find out later that no camera was heading his way.

Williams discovered he was the victim of a hijacked eBay auction, just the latest way crooks are stealing money over the Internet.

The scam is deceptively simple and there is almost no way eBay users can tell if a site has been hijacked just by looking at it.

Williams says the hijackers simply try to log in to an eBay member's account by trying to guess their account password.

Unless the user has made the effort to use a complicated password, hackers unfortunately have a fairly easy time guessing a password, letting them log on as users and hijacking the account.

Once inside an account, hijackers can change banking information, steal personal information and post non-existent items for sale as a "Buy It Now" auction, the kind that requires no bidding and can be run automatically.

Hijackers usually target sellers with a lot of "positive feedback," which are positive transaction comments left by satisfied customers.

Most people on eBay feel that positive feedback is an assurance of an honest deal.

Once hijackers post items on the hijacked eBay page, it is impossible for eBay buyers to tell the site has been hijacked and if the site is a commercial page with a lot of good feedback, that is just another way to lure in buyers.

Williams paid for the non-existent camera using PayPal, the online payment system owned by eBay. He says there is no telling who actually received his money.

Williams says he follows eBay's online security warnings, but when he reviewed them again, no mention of the hijacking scam was mentioned.

Williams says he is not surprised eBay is keeping the problem quiet, as publicizing the scam could warn customers away from the publicly-traded companies' auction business.

Representatives from eBay would not comment on the problem to KATU reporters.

Local computer users and industry experts say password protection of private information and even business accounts continues to be lax.

They say the most common password is just that: password. And the next most popular password is the name of the user or business.

Experts say people can better protect their personal information and computers by using strong passwords that mix numbers and letters, and the more non-sensical the password the better.

They say it is also a good idea to give accounts a new password at least every year.

Last names, addresses or other information available to the public should be avoided and they also say computer users should not keep a list of their passwords on their computer.

They say the best way to remember passwords is to write them down by hand and then keep them somewhere where they cannot be hacked, downloaded or found on an old or stolen hard drive.

One good place to keep the list is inside a favorite book, something that is rarely stolen by criminals.