Phishers hack eBay

A flaw has been discovered on eBay's website that would have allowed fraudsters to successfully redirect the sign-on process to a phishing site.

Reported by British antiphishing outfit Netcraft, the clever scam apparently started with fraudsters sending e-mails asking eBay users to update their accounts. So far so normal, as such fake eBay e-mails are currently one of the phishing world's persistent lines of attack.

Disarmingly, however, the link provided was genuine and led to the correct eBay sign-in page, signin.ebay.com. If users clicked on this, parameters embedded in the otherwise normal stream of characters at the end of the link actually redirected users away from the page after the sign-in page to a fake phishing page, via an open relay hosted at servlet.ebay.com.

The end result would have been that users gave away information allowing phishers to hijack their accounts, either as a way of laundering money or for launching fake auctions.

According to Netcraft's Paul Mutton, the company first learned of the attack from users of its antiphishing toolbar -- which stops the attack -- and reported the flaw to eBay last week.

This is not the first time such an attack has been attempted on eBay users. In March, phishers launched an almost identical redirect-style attack, which spoofed the sign-on page itself. Mutton said he considered the latest attack more subtle as it manipulated the real sign-on page, and would therefore be harder for users to detect.

"I believe this new exploit is more serious because it is more convincing," Mutton said. "It is something they can prevent by enforcing stricter coding conventions." At the time of going to press, eBay was unavailable for comment.

The moral is not to click on links in e-mails just because they look genuine, a fairly disturbing conclusion as this is one of the main criteria people use. Netcraft's toolbar, a web browser plug-in for Microsoft's Internet Explorer and Mozilla's Firefox, is designed to protect against phishing websites, not least by analyzing the sort of characters used in this attack.

Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John E. Dunn

Techworld.com
Show Comments

Essentials

Mobile

Victorinox Werks Professional Executive 17 Laptop Case

Learn more >

Exec

Budget

Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?