Phishers Steal Trust from eBay Sign In Pages

Fraudsters have exploited a flaw in the eBay web site that allows them to orchestrate phishing attacks using eBay's own Sign In page.

Registered users of eBay's popular online auction web site must sign in using a username and password in order to participate in bidding and listing of items. A new style of phishing attack reported through the Netcraft Toolbar [which does not work on the Mac] community shows fraudsters exploiting flaws on the Sign In page and on another ancillary page which results in victims being redirected to the fraudster's phishing site after they have logged in.

Source: Netcraft News

Using URL parameters in phishing links is not new. Using the official page is. Spammers just found out how to abuse the redirect parameter in the Sign In URL. These login pages normally redirect to another page on the same site after you log in, to your My eBay page for example, so a redirect parameter in the URL is nothing out of the ordinary; the flaw is that the parameter accepts any destination, including the fraudster's site. This is amazing, I did not think phishing could get any worse. It just got a lot worse.

It is hard enough to get non-techies to notice that the URL is not the official site, think how hard it is to explain URL parameters to them.

Incidentally, if you get phishing emails from eBay or PayPal, which are the most prevalent, you should send them to spoofs@ebay.com.

Comments (3)

LKM:
It is hard enough to get non-techies to notice that the URL is not the official site, think how hard it is to explain URL parameters to them.

You don't need to. This is a security fault in ebay's code. They need to fix this asap. I have no idea how clueless ebay's programmers must be to do something as stupid as this. It's on the same level as SQL injection holes.

Somebody needs to get fired over this.

Anyway, people shouldn't click on links in mails. Just tell these lazy ƒº¬åß¡e to type the url by hand.

Anyway, people shouldn't click on links in mails. Just tell these lazy ƒº¬åß¡e to type the url by hand.

That's a good point, but it doesn't seem to be working, as the volume of phishing attacks has gone up.

Netcraft site says February. Their news article is dated July 29. Are these separate incidents?

In February fraudsters exploited an open redirect on the eBay web site:

http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http%3A%2F%2F%32%31%31%2E%31%37%32%2E%39%36%2E%37%2FUpdateCenter%2FLogin%2F%3FMfcISAPISession%3DAAJbaQqzeHAAeMWZlHhlWXS2AlBXVShqAhQRfhgTDrferHCURstpAisNRqAhQRfhgTDrferHCURstpAisNRpAisNRqAhQRfhgTDrferHCUQRfqzeHAAeMWZlHhlWXh

That is from this page.
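The server-side check that closes a hole like the one in the redirect parameter described in the post and in the RedirectToDomain URL quoted just above, as an added example that is not eBay's code. The parameter names MfcISAPICommand and DomainUrl are taken from the quoted URL; the 192.0.2.10 destination (a documentation address), the /myebay fallback and the allow-listed hosts are constructed for this example. It decodes the DomainUrl target even when the destination IP's digits are percent-encoded, as in the quoted URL, and only honours targets that stay on the site.

```python
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed allowlist for this example: hosts the sign-in page may hand
# a logged-in user to. eBay's real list is not on the page.
ALLOWED_HOSTS = {"www.ebay.com", "my.ebay.com"}

# Constructed sign-in URLs in the shape of the one quoted above. The phishing
# DomainUrl hides an external IP by percent-encoding every digit
# (%31%39%32 -> 192); 192.0.2.10 is a documentation address, not a real host.
PHISHING_SIGN_IN_URL = (
    "http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain"
    "&DomainUrl=http%3A%2F%2F%31%39%32%2E%30%2E%32%2E%31%30%2FUpdateCenter%2FLogin%2F"
)
LEGIT_SIGN_IN_URL = (
    "http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain"
    "&DomainUrl=%2Fmyebay%2Fsummary"
)

def decode_redirect_target(raw_target: str) -> str:
    """Percent-decode until the value stops changing, so a target that was
    encoded twice cannot slip past the checks below. The loop is bounded."""
    current = raw_target
    for _ in range(5):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current

def is_safe_redirect(raw_target: str) -> bool:
    """Accept only a path on our own origin or an https URL on an allow-listed
    host; reject scheme-relative (//host), backslash and external targets."""
    target = decode_redirect_target(raw_target)
    if target.startswith("//") or "\\" in target:
        return False
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        return target.startswith("/")  # relative path, stays on this site
    # urlsplit().hostname drops userinfo, so https://my.ebay.com@evil.example
    # is seen as evil.example and rejected.
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS

def redirect_after_login(sign_in_url: str, default: str = "/myebay") -> str:
    """Choose the post-login destination from DomainUrl, or fall back to a
    fixed in-site page (the /myebay default is constructed for this example)."""
    candidates = parse_qs(urlsplit(sign_in_url).query).get("DomainUrl", [])
    if candidates and is_safe_redirect(candidates[0]):
        return decode_redirect_target(candidates[0])
    return default
```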


This weblog is licensed under a Creative Commons License.