If you're an Internet user with email, you've probably been on the receiving end of phishing attacks. These are fake emails that try to trick you into downloading malicious files containing viruses or clicking on links to sites that try to steal your information.
If you take your time and know what to look for, you can usually spot and delete phishing emails before they trick you. Learn five ways to spot a phishing email. Even if you click on a malicious link, you can usually spot a fake site before you give up any information. However, eBay recently had a critical flaw that made spotting a fake much harder.
Back in December, a security researcher named MLT found a basic cross-site scripting flaw on eBay's homepage. Basically, this lets hackers load their own code onto eBay's site, so they can make any page look like it's coming from eBay.
All a hacker has to do then is copy the code for eBay's login page and inject it back into eBay's site. If you were to click on the link in a fake eBay email, you'd think you were at the legitimate eBay login page, from the look to the domain name. You'd have no clue that when you entered your username and password you'd be sending them right to a hacker.
Even worse, MLT says it took eBay a month after being notified to fix the flaw. During that time, hackers could have tricked millions of people into visiting fake login pages. Or hackers might have used the flaw to sneak other types of code into eBay's website that could attack visitors directly through their browsers.
While there isn't any indication this happened, it's a further reminder that you need to be on your guard. That means not clicking on links or downloading attachments from email or other electronic communications. You should also make your browser as hacker-proof as possible to avoid automated attacks.
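
The class of flaw described above, shown from the site owner's side as an added example that is not eBay's code or the researcher's: a page that echoes a request value into HTML without encoding it, next to the encoded version, plus a Content-Security-Policy whose `form-action` directive stops an injected form from posting to another origin. The `q` parameter, the page template, and `collector.example` are assumptions made for illustration; the article does not say which part of eBay's page was affected.

```javascript
// Added example: every name here (q parameter, template, collector.example)
// is hypothetical and chosen only to illustrate the flaw class.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that let text break out into HTML markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Vulnerable pattern: the request value is placed into the page unchanged,
// so any markup it contains becomes part of the site's own page.
function renderUnsafe(q) {
  return `<h1>Results for ${q}</h1>`;
}

// Fixed pattern: the value is encoded for the HTML context before output,
// so the browser displays it as text instead of parsing it as markup.
function renderSafe(q) {
  return `<h1>Results for ${escapeHtml(q)}</h1>`;
}

// Defense in depth if an encoding bug slips through:
//   script-src 'self'  -> inline or third-party script will not run
//   form-action 'self' -> forms on the page can only submit to this origin
//   base-uri 'none'    -> an injected <base> tag cannot redirect relative URLs
function securityHeaders() {
  return {
    'Content-Security-Policy':
      "default-src 'self'; script-src 'self'; form-action 'self'; base-uri 'none'",
  };
}

// True when the rendered HTML contains a live opening tag of the given name.
function containsRawTag(html, tagName) {
  return new RegExp(`<${tagName}\\b`, 'i').test(html);
}

// Constructed sample input: a bare form tag standing in for injected markup.
const SAMPLE = '<form action="https://collector.example/">';

console.log('unsafe has live <form>:', containsRawTag(renderUnsafe(SAMPLE), 'form'));
console.log('safe has live <form>:  ', containsRawTag(renderSafe(SAMPLE), 'form'));
console.log(renderSafe(SAMPLE));
```
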