News

Phishers exploit eBay's own sign in page

Tash Shifrin

A bug in the eBay website has allowed fraudsters to launch a phishing attack using the online auction site’s own sign in page, security experts have warned.

Phishing attacks – where fraudsters send out fake but official-looking emails in an attempt to steal bank details or other secure information – have homed in on eBay customers before.

Many users have received fake e-mails asking them to update their accounts by visiting a URL that leads to a phishing site.

But in the latest, more sophisticated attack, email recipients are directed to eBay’s own, genuine sign in page. The fraudsters have exploited a flaw on the sign in page and on another ancillary page to redirect victims to the phishing site after they have logged in, security firm Netcraft warned.

The scam relies on victims trusting the phishing page because they have been redirected from a genuine area of the eBay site.

 

 


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy