new form of pw phishing on ebay

what it is - on ebay, theyre injecting redirect coding into the description of the listing. So, when you click on the title to view the listing, it takes you to THEIR website instead of the listing. And this website of theirs is a mockup of ebay's login page! So, you think you have to login, and then when you do, from what I was told and what I read, it sends you back to ebay to the listing. So, youre none the wiser. (I never tested it out, though, cause no telling what else it d/l's to your puter) Either way, though, the scammer now has your ebay login/pw!

Phishing for eBay passwords direct on eBay's site, no spoof emails required

I had seen some minor mentionings of it on the ebay boards, but had never come across one of the listings until this evening.

This evening I saw several of them, they were putting up new ones as quickly as ebay could knock them down (and faster).

The one thing that was uniform across all the ones I saw, was it had a semi-nude or full nude image, a title that was sexual in nature, and all were listed with starting price of $1.00.

The ones I had read about on forums were electronics items. The ones I saw were in the Totally Bizarre category

So, anyway, be careful out there! and if you click on a listing and it tells you to login before you can view the listing, click the back button! (actually, because of the redirect code, you have to doubleclick the back button)

@ Auctiva guys - if you want, I will share with you how the scammers are injecting the redirect, since part of your job is keeping your site secure and keeping the scammers from using your service. Just email me.

@ all - I will NOT share how it's done with anyone else here, due to the nature of the exploit and how easily it's done. So please dont ask.