eBay vulnerability

posted Sep 18, 2014, 11:33 AM by Craig Cox   [ updated Sep 23, 2014, 12:58 PM ]
Graham Cluley writes about eBay auctions that are really just a front-end for stealing your eBay login credentials.  While he goes into some technical depth, the bottom line is that eBay should be screening for this kind of script and preventing sellers from posting it.

At the prompting of BBC News, eBay apparently took down specific auctions, but there has been no word on whether it has begun screening for this attack when an auction is posted.

The current bait is cheap iPhones, but any seller's item could launch this script. For now, the important thing is to make sure that when you're prompted for your eBay password, the URL at the top of the page says eBay. It's also good to be skeptical about too-good-to-be-true auctions.

Update:  BBC News reports that this has been going on since February.