
What it is - on eBay, they're injecting redirect coding into the description of the listing. So, when you click on the title to view the listing, it takes you to THEIR website instead of the listing. And this website of theirs is a mockup of eBay's login page! So, you think you have to login, and then when you do, from what I was told and what I read, it sends you back to eBay to the listing. So, you're none the wiser. (I never tested it out, though, 'cause no telling what else it d/l's to your puter) Either way, though, the scammer now has your eBay login/pw!

Phishing for eBay passwords direct on eBay's site, no spoof emails required

I had seen some minor mentions of it on the eBay boards, but had never come across one of the listings until this evening.

This evening I saw several of them; they were putting up new ones as quickly as eBay could knock them down (and faster).

The one thing that was uniform across all the ones I saw was that each had a semi-nude or full nude image, a title that was sexual in nature, and all were listed with a starting price of $1.00.

The ones I had read about on forums were electronics items. The ones I saw were in the Totally Bizarre category.

So, anyway, be careful out there! And if you click on a listing and it tells you to login before you can view the listing, click the back button! (Actually, because of the redirect code, you have to double-click the back button.)

@ Auctiva guys - if you want, I will share with you how the scammers are injecting the redirect, since part of your job is keeping your site secure and keeping the scammers from using your service. Just email me.

@ all - I will NOT share how it's done with anyone else here, due to the nature of the exploit and how easily it's done. So please don't ask.
Original Post
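
As an added example (not part of the original post, and not eBay's or Auctiva's code): when a listing click lands on a sign-in page, the thing to check is whether the address bar host really belongs to eBay. The trusted-domain list and the sample URLs below are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: domains a genuine eBay sign-in page is served
# from. Extend the tuple for regional sites as needed.
TRUSTED_DOMAINS = ("ebay.com",)


def login_host_verdict(url: str) -> tuple:
    """Return (trusted, reason) for the URL shown in the address bar."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        has_userinfo = parts.username is not None
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if not host:
        return False, "no hostname"
    if has_userinfo:
        # https://signin.ebay.com@other.host/ really goes to other.host
        return False, "userinfo before '@' hides the real host"
    if not host.isascii() or "xn--" in host:
        return False, "internationalised (possible lookalike) hostname"
    for domain in TRUSTED_DOMAINS:
        # Exact match or a true subdomain; "notebay.com" must not pass.
        if host == domain or host.endswith("." + domain):
            return True, "host is under " + domain
    return False, "host " + host + " is not an eBay domain"


# Constructed sample URLs, not taken from any real listing.
SAMPLES = [
    "https://signin.ebay.com/ws/eBayISAPI.dll?SignIn",
    "https://signin.ebay.com.login.example/ws/eBayISAPI.dll?SignIn",
    "https://signin.ebay.com@login.example/",
    "http://signin.ebay.com/",
    "https://\u0435bay.com/",  # first letter is Cyrillic, not Latin "e"
    "https://notebay.com/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        trusted, reason = login_host_verdict(sample)
        print(("OK   " if trusted else "STOP ") + sample + "  (" + reason + ")")
```
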


That's scary. I got a confirmation email the other day from "Eyay" that looked exactly like their question form stating he had made a payment to PayPal and wanted to know when the product would arrive. God only knows what the response button was going to do. I forwarded it to eBay spoof. Might not be anything new to them.
Later
Rosemary
quote:
Originally posted by leahyrlw:
That's scary. I got a confirmation email the other day from "Eyay" that looked exactly like their question form Later
Rosemary

Rosemary, I have full headers on in my email. I can look at a glance to see where (host and such) the email came from.

Also, if the message isn't in MY eBay messages, I don't touch it.

You're right, the scammers are getting REAL GOOD!

My Best,
Donna
The only time you should have to log back in is if you log in from a different comp than the one you're already logged in on...also when you're doing revision. I get a ton of these spoof emails every day..I used to send them to eBay but they are all the same so it's nothing new to them..I just delete the darn things.

What really threw me for a loop here a couple weeks ago was I got one from paypal.com only it wasn't from PayPal...I swear to god it looked exactly like one of PayPal's emails...I wouldn't have known the difference..except I have it set up so that my email tells me where it originally came from.

But I have to say I think everyone is on their guard now...I go over every email I get now with a fine tooth comb...it's really sad I have to do that. I keep waiting for someone to exploit the eBay emails that you get that do not go through eBay's mail system first...like your copy of eBay invoices that you send to customer and listing confirmations and eBay item sold and unsold etc....I'm sceered!!!!
quote:
But I have to say I think everyone is on their guard now


You'd think everyone would know about the Nigerian scams too, but apparently not.

That is to say, I believe this stuff would go away if it wasn't still working for the scammers. It's hard to imagine that there's still anybody who will fall for this stuff but there must be plenty of them.
quote:
Originally posted by Westvatexan:
What really threw me for a loop here a couple weeks ago was I got one from paypal.com only it wasn't from PayPal...I swear to god it looked exactly like one of PayPal's emails...


I also got one, I was 99.9% sure that it was from PayPal. It looked EXACTLY right. I was CONFIDENT that it was from PayPal. But I always make it a practice to go straight to the site instead of following email links. I spent a few minutes on PayPal searching around for whatever it was that the email was alerting me about.... then it hit me that the email was probably fake, and I forwarded it on to eBay.

A year ago, I would have fallen for it completely.
quote:
Originally posted by BTPS:
quote:
Originally posted by leahyrlw:
Perish the thought sales could actually get any worse.
My lips are sealed
Rosemary


Personally, I think spreading the word - EDUCATING PEOPLE is much better than silence. BUYERS need to learn that once they log in they shouldn't ever have to log in again to VIEW an item!
True, there is the other side to it. And perhaps eBay should educate people about it. When you first sign up for eBay, they should definitely warn you about spoof emails (which they don't) and prolly should warn about this new phishing method.


BTW, if you ever come across one of these listings that, when you click on it, takes you to a fake login page, if you contact Live Help they can kill it. They will say they can't and will tell you to file a report with Trust and Safety, BUT last night, Magie went to Live Help and got a Live Help rep who got her supervisor (who promptly killed the listing) and told Magie that because of the nature of the security problem, Live Help is supposed to get a supervisor over so that it can be killed promptly, rather than waiting on T&S.

The two reps I dealt with both tried to pawn me off on T&S. The second one was after Magie was told they're supposed to have a supervisor kill it, so I argued with the rep and after some arguing it got killed.

BTW, (for those that don't know) to get the item # for reporting to Live Help, right click, select "properties" and then you can pull the item number out of the URL.


Copyright © 1999-2018 Auctiva.com. All rights reserved.