Alert: eBay iPhone Listings Redirecting to Phishing Pages

300px-EBay_logo.svgLast night, the BBC published an article stating that eBay item listings are vulnerable to cross site scripting attacks, which can lead users to phishing pages.

Such attacks place malicious code within the listing field that lets sellers link to legitimate third party websites. When users click on links that contain this code, they are redirected to phishing pages that look like the eBay log in page. Users who enter credentials are at risk of having their eBay account compromised.

This type of attack was first discovered by an eBay power user who found it in action on a listing for a cheap iPhone. In addition, the BBC states that they have discovered 2 other eBay item listings from the same account using cross site scripting attacks. eBay has yet to make a statement on the matter, but initial reports indicate that the 3 malicious listings have been removed.

To avoid this phish:

As yet, the total number of item listings this vulnerability affects is unknown – so be careful where you bid! If you think you might have fallen for a phish, change your password ASAP and keep a close eye on your eBay account.

Emsisoft users are automatically protected from this threat by our products’ Web Protection technology. Original report from the BBC can be found here.

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

 

Senan Conrad

Senan Conrad

Senan specializes in giving readers insight into the constantly and rapidly changing world of cybersecurity. When he’s not tapping away at his keyboard, he enjoys drinking a good coffee or tinkering in his workshop.

What to read next