
Beware this tricky eBay phishing scam


Phishing scams are out there and they're dangerous. In fact, they're one of the most effective tools hackers have to steal your information.

Tricking you into clicking on a malicious link or downloading a virus disguised as a harmless file is much easier than breaking into an account with a strong password and smart security question. And the result is the same - they have your information.

I'm always warning you about email phishing scams - like this email supposedly from Apple. However, today I want to warn you about a website phishing scam affecting eBay.

Worryingly, it turns out this isn't a new problem. eBay has potentially known about it for months and has either done nothing or just can't lock it down.

I won't go into the technology behind it - a cross-site scripting vulnerability - but the result is that clicking on a link to see an auction brings up what looks like the eBay login page. If you actually put in your information, though, it goes straight to hackers who can then get full access to your account.

To see what I'm talking about, here's a video made by the gentleman who discovered the problem - Paul Kerr - showing what happens.

So, how did Mr. Kerr know it was fake? Well, he immediately noticed the address wasn't an eBay address. In fact, the page was being displayed from a completely different site.

Then there was the fact that eBay doesn't require you to sign in to view auctions. Any change in the way a website works is always a red flag to be careful.

Plus, the redirect only happened from a few items, not all of them, and all those items were from the same seller.
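
The first sign Mr. Kerr noticed, that the login page's address wasn't an eBay address, can also be checked mechanically by comparing the page's host name with the domain you expect. The JavaScript below is an added example, not part of the original article or any eBay code; the function names, the expected domain constant and the sample URLs are constructed for illustration.

```javascript
// Added example: does a "login page" URL really belong to the expected site?
// EXPECTED_DOMAIN and every URL in SAMPLE_URLS are constructed for illustration.
const EXPECTED_DOMAIN = "ebay.com";

function classifyLoginUrl(rawUrl, expectedDomain = EXPECTED_DOMAIN) {
  let url;
  try {
    url = new URL(rawUrl); // the parser lowercases and normalizes the host
  } catch {
    return { trusted: false, reason: "not a valid absolute URL" };
  }
  // Drop a trailing dot so "ebay.com." compares equal to "ebay.com".
  const host = url.hostname.replace(/\.$/, "");
  const domain = expectedDomain.toLowerCase();
  // Match the exact domain or a true subdomain. The leading dot matters:
  // a bare suffix test would also accept hosts that merely end in the name.
  const sameSite = host === domain || host.endsWith("." + domain);
  if (!sameSite) {
    return { trusted: false, reason: `host "${host}" is not ${domain} or a subdomain of it` };
  }
  // Text before "@" is user info, not the host; flag it even on the right host.
  if (url.username || url.password) {
    return { trusted: false, reason: "URL carries embedded user info" };
  }
  return { trusted: true, reason: `host "${host}" belongs to ${domain}` };
}

// Constructed samples: one genuine-looking host and two common disguises.
const SAMPLE_URLS = [
  "https://signin.ebay.com/signin",                // subdomain of the real site
  "https://ebay.com.account-check.example/signin", // real name used as a prefix
  "https://signin.ebay.com@login.example.net/",    // real name placed before "@"
];

function reviewSamples(urls = SAMPLE_URLS) {
  return urls.map((u) => ({ url: u, ...classifyLoginUrl(u) }));
}

for (const row of reviewSamples()) {
  console.log(`${row.trusted ? "OK  " : "FAKE"} ${row.url} (${row.reason})`);
}
```
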

The best way to avoid an attack like this is to always go to a site's home page to log in. If you're already on a specific page you don't want to lose, open a new tab in your browser and go to the home page to log in.

Then switch back to the original tab and refresh the page or click on the link you clicked before. If it still asks you to log in, then you know it's a fake.

Don't let phishing attacks take you by surprise. Make sure you keep up with the latest information on my site.

Source: BBC