eBay Phishing Bug Allows Phishing Using Real eBay Web Addresses   - 1,899 Views,

Summary: eBay is working frantically to fix a bug in their software which allows phishers to do their phishing dirty work using real eBay URLs in their phishing efforts. eBay is calling the phish-friendly problem a "software bug" which can be used ...

Previous Article « Please Help Aunty by Taking This Reader Survey
Read Next Article » Windows of Opportunity for ATM Fraud Increase as Wells Fargo Boots Up More than 6000 Windows ATMs

  Follow Anne on Twitter

eBay is working frantically to fix a bug in their software which allows phishers to do their phishing dirty work using real eBay URLs in their phishing efforts. eBay is calling the phish-friendly problem a “software bug” which can be used to create a genuine eBay link which in turn redirects and takes the user to the phisher’s site - which looks exactly like a legitimate eBay page - where they can steal eBay account information, credit card information, and all sorts of other personal information.

While eBay’s users, and consumers in general, have become more careful about clicking on links which show up uninvited in email, this particular phishing bug is insidious because the link in the phishing email is a genuine eBay link, and the user is never aware that they have gone through the genuine eBay link to the phisher’s look-alike site.

An eBay spokesperson, Hani Durzy, explained that users have become “more aware of phishing, but the bad guys have become much better at it, so it’s not going to go away overnight. The key for us is really about educating Internet users to protect themselves in the same ways they do offline.”

So, what can you do about it? What if you get email from eBay asking you to go to their site - how can you be sure it’s legitimate, and will take you to the real eBay site?

Aunty recommends that if you get an email purporting to be from eBay, and you aren’t sure whether it’s real or not, rather than clicking on the link in the email (don’t do that!), just go to eBay directly, typing eBay’s address in your browser, and log in to your account. If there is really some action which eBay needs you to take, you’ll get a message from eBay about it when you log in to your account.

eBay Phishing Bug Allows Phishing Using Real eBay Web Addresses

 Follow Anne on Twitter

 Twitter Explained in Plain English

 Friend Anne on Facebook

Previous Article « Please Help Aunty by Taking This Reader Survey
Read Next Article » Windows of Opportunity for ATM Fraud Increase as Wells Fargo Boots Up More than 6000 Windows ATMs

Read more:

»  Phishers Use Wildcard DNS to Build Convincing Bait URLs - Spamfo

»  eBay Drops Plans to Allow Sales of Live Pets

»  Aunty Spam: Frying Phish

»  eBay Unpaid Item Dispute for Item - Response Required - is the Newest eBay Phishing Attempt

For additional similar stories check out our archives on Phishing

NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.

 

No Comments »

No comments yet.

RSS feed for comments on this post.

Leave a comment

Warning! All comments which contain URLs and are clearly just spam to generate a link back to the URL will be deleted on sight. Don't bother wasting your time!

If you are going to include a URL in your comment,
please keep it under 25 characters in length,
or use TinyURL to shorten it before including it in your comment.

Line and paragraph breaks are automatic, your email address is never displayed.
HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

(required)

(required)


If you have not posted a comment here before, we apologize for having to ask you to enter the letters and numbers you see in the image above to validate your comment, but we are being attacked by thousands of comment form spams every day! You only need to do this once; once you have successfuly posted a comment here you will not be asked to do this again. Thank you for your understanding!

 
 This article first appeared on 3/6/2005
The Internet Patrol
Patrolling the Internet for You!