By Katherine Noyes
09/23/14 6:25 AM PT
eBay users should be on high alert for phishing scams designed to rob them of their credentials. eBay reportedly is riddled with scam listings that redirect shoppers to fake log-in sites. One measure users can take to protect themselves is to double-check the URL bar before entering their username and password to make sure they're still on ebay.com rather than on a cybercriminal's look-alike page. - See more at: http://www.ecommercetimes.com/story/81082.html#sthash.OS4sa90r.dpuf
Attackers for months have been using eBay listings to redirect visitors to password-harvesting scam sites, the BBC reported. They use cross-site scripting to hijack eBay shoppers and trick them into handing over personal data.Smartphones, televisions, hot tubs and clothing are among the items supposedly for sale in listings infected with malicious Javascript code. When users click on the listings, the code redirects them through a series of other websites to a page requesting their eBay log-in and password.
This video, taken by a user, demonstrates the exploit in action:
E Commerce Times/ full article here/ http://www.ecommercetimes.com/story/81082.html
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.