A bug in the eBay website has allowed fraudsters to launch a phishing attack using the online auction site’s own sign-in page, security experts have warned.
Phishing attacks – where fraudsters send out fake but official-looking emails in an attempt to steal bank details or other secure information – have homed in on eBay customers before.
Many users have received fake emails asking them to update their accounts by visiting a URL that leads to a phishing site.
But in the latest, more sophisticated attack, email recipients are directed to eBay’s own, genuine sign-in page. The fraudsters have exploited a flaw on the sign-in page and on another ancillary page to redirect victims to the phishing site after they have logged in, security firm Netcraft warned.
The scam relies on victims trusting the phishing page because they have been redirected from a genuine area of the eBay site.