Phishers exploit eBay's own sign in page


Phishers exploit eBay's own sign in page

Tash Shifrin

A bug in the eBay website has allowed fraudsters to launch a phishing attack using the online auction site’s own sign in page, security experts have warned.

Phishing attacks – where fraudsters send out fake but official-looking emails in an attempt to steal bank details or other secure information – have homed in on eBay customers before.

Many users have received fake e-mails asking them to update their accounts by visiting a URL that leads to a phishing site.

But in the latest, more sophisticated attack, email recipients are directed to eBay’s own, genuine sign in page. The fraudsters have exploited a flaw on the sign in page and on another ancillary page to redirect victims to the phishing site after they have logged in, security firm Netcraft warned.

The scam relies on victims trusting the phishing page because they have been redirected from a genuine area of the eBay site.



Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy