Be careful: eBay vulnerability results in phishing log-in web page
Enthusiastic about choosing up a used iPhone on eBay? Store rigorously, pals: it is apparently phishing season. The BBC is reporting some public sale listings are redirecting to counterfeit eBay login pages — fronts for phishing scams designed to steal buyer usernames and bank card info. The excellent news is that eBay is not technically hacked. The web market permits sellers to make use of scripting to gussy up merchandise listings. Cross-website scripting is usually not allowed, however these scammers are doing it anyway.
“Cross website scripting just isn’t allowed on eBay and we’ve a variety of security measures designed to detect after which take away listings containing malicious code,” eBay informed Engadget. Even so, the BBC says it was capable of determine sixty four malicious listings from the final 15 days. All these auctions have been eliminated, in fact, and eBay says it’s actively in search of out and eradicating these sorts of listings. Nonetheless, higher protected than sorry: if eBay is asking you to log in at an misguided time, double verify your handle bar to ensure you have not been mysteriously redirected.