Alert: eBay iPhone Listings Redirecting to Phishing Pages
Such attacks place malicious code within the listing field that lets sellers link to legitimate third party websites. When users click on links that contain this code, they are redirected to phishing pages that look like the eBay log in page. Users who enter credentials are at risk of having their eBay account compromised.
This type of attack was first discovered by an eBay power user who found it in action on a listing for a cheap iPhone. In addition, the BBC states that they have discovered 2 other eBay item listings from the same account using cross site scripting attacks. eBay has yet to make a statement on the matter, but initial reports indicate that the 3 malicious listings have been removed.
To avoid this phish:
- Stay away from item listings that seem too good to be true (hint: they are)
- Only log into a web account after independently navigating to that website on your own
- Check out eBay’s Marketplace Safety Tips
As yet, the total number of item listings this vulnerability affects is unknown – so be careful where you bid! If you think you might have fallen for a phish, change your password ASAP and keep a close eye on your eBay account.
Emsisoft users are automatically protected from this threat by our products’ Surf Protection technology. Original report from the BBC can be found here.
Hackers want to steal your Amazon account... using Kindle eBooks?