Phishers exploit eBay's own sign in page

A bug in the eBay website has allowed fraudsters to launch a phishing attack using the online auction site’s own sign in page, security experts have warned.

A bug in the eBay website has allowed fraudsters to launch a phishing attack using the online auction site’s own sign in page, security experts have warned.

Phishing attacks – where fraudsters send out fake but official-looking emails in an attempt to steal bank details or other secure information – have homed in on eBay customers before.

Many users have received fake e-mails asking them to update their accounts by visiting a URL that leads to a phishing site.

But in the latest, more sophisticated attack, email recipients are directed to eBay’s own, genuine sign in page. The fraudsters have exploited a flaw on the sign in page and on another ancillary page to redirect victims to the phishing site after they have logged in, security firm Netcraft warned.

The scam relies on victims trusting the phishing page because they have been redirected from a genuine area of the eBay site.

 

 

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close