eBay Phishing Bug Allows Phishing Using Real eBay Web Addresses

If you find this useful please share it!


eBay is working frantically to fix a bug in their software which allows phishers to do their phishing dirty work using real eBay URLs in their phishing efforts. eBay is calling the phish-friendly problem a “software bug” which can be used to create a genuine eBay link which in turn redirects and takes the user to the phisher’s site – which looks exactly like a legitimate eBay page – where they can steal eBay account information, credit card information, and all sorts of other personal information.

While eBay’s users, and consumers in general, have become more careful about clicking on links which show up uninvited in email, this particular phishing bug is insidious because the link in the phishing email is a genuine eBay link, and the user is never aware that they have gone through the genuine eBay link to the phisher’s look-alike site.

(Article continues below)
Get notified of new Internet Patrol articles for free!
Or Read Internet Patrol Articles Right in Your Inbox!
as Soon as They are Published! Only $1 a Month!

Imagine being able to read full articles right in your email, or on your phone, without ever having to click through to the website unless you want to! Just $1 a month and you can cancel at any time!
eBay Phishing Bug Allows Phishing Using Real eBay Web Addresses

An eBay spokesperson, Hani Durzy, explained that users have become “more aware of phishing, but the bad guys have become much better at it, so it’s not going to go away overnight. The key for us is really about educating Internet users to protect themselves in the same ways they do offline.”


So, what can you do about it? What if you get email from eBay asking you to go to their site – how can you be sure it’s legitimate, and will take you to the real eBay site?

Aunty recommends that if you get an email purporting to be from eBay, and you aren’t sure whether it’s real or not, rather than clicking on the link in the email (don’t do that!), just go to eBay directly, typing eBay’s address in your browser, and log in to your account. If there is really some action which eBay needs you to take, you’ll get a message from eBay about it when you log in to your account.

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!

eBay Phishing Bug Allows Phishing Using Real eBay Web Addresses

Get notified of new Internet Patrol articles!

If you find this useful please share it!

1 Reply to “eBay Phishing Bug Allows Phishing Using Real eBay Web Addresses”

  1. I just got caught out by one of these. None of the usual warning signs there. It was a question about an ebay item I was selling. The question came through ebay … it was in my ebay messages on the site. The “Respond” button was a redirect but you’d only know if you looked at the link preview when you hover and had noted what previous links should look like. They didn’t ask for any personal information so it seemed normal.

    I only realized when I received a warning from ebay referring to the specific mail 3 hours after receiving the original mail.

    I’m not sure what information I gave away clicking the Respond button but I have since changed any passwords they could have accessed (email, ebay and paypal).

    One has to be supremely vigilant now, it would seem.

Leave a Reply

Your email address will not be published. Required fields are marked *