We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,721 News Articles

Phishers hack eBay

Second time this year

A flaw has been discovered on eBay’s website that would have allowed fraudsters to successfully redirect the sign-on process to a phishing site.

Reported by British antiphishing outfit Netcraft, the clever scam apparently started with fraudsters sending emails asking eBay users to update their accounts. So far so normal, as such fake eBay emails are currently one of the phishing world’s persistent lines of attack.

Disarmingly, however, the link provided was genuine and led to the correct eBay sign-in page, signin.ebay.com. If users clicked on this, parameters embedded in the otherwise normal stream of characters at the end of the link actually redirected users away from the page after the sign-in page to a fake phishing page, via an open relay hosted at servlet.ebay.com.

The end result would have been that users gave away information allowing phishers to hijack their accounts, either as a way of laundering money or for launching fake auctions.

According to Netcraft’s Paul Mutton, the company first learned of the attack from users of its antiphishing toolbar - which stops the attack - and reported the flaw to eBay last week.

This is not the first time such an attack has been attempted on eBay users. In March, phishers launched an almost identical redirect-style attack, which spoofed the sign-on page itself. Mutton said he considered the latest attack more subtle as it manipulated the real sign-on page, and would therefore be harder for users to detect.

"I believe this new exploit is more serious because it is more convincing," Mutton said. "It is something they can prevent by enforcing stricter coding conventions." At the time of going to press, eBay was unavailable for comment.

The moral is not to click on links in emails just because they look genuine, a fairly disturbing conclusion as this is one of the main criteria people use. Netcraft’s toolbar, a web browser plug-in for Microsoft’s Internet Explorer and Mozilla’s Firefox, is designed to protect against phishing websites, not least by analysing the sort of characters used in this attack.


IDG UK Sites

Motorola Moto G2 release date, price and specs: Best budget smartphone gets upgrades

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

How to make an 'Apple iWatch' using an iPod nano and a 3D printer