eBay provides a backdoor for phishers

Phishers are exploiting a redirection script on eBay's site to make fraudulent emails look more convincing. Three Register readers noticed the trick in scam emails they received. Alerted by The Register email security firm MessageLabs confirmed that it has detected and blocked the same trick a number of times in the last two weeks. Despite notifying eBay of a potential problem on Wednesday (23 February), and making several calls since, we're yet to hear back from the online auction house. Meanwhile the exploit (details of which we are withholding) remains open to abuse. Register readers described how the "neat" trick could trap the unwary. "I can host my eBay-alike phishing page anywhere I like, and use the above script to get users to click on it. The link is very definitely pointing to eBay, it's just that eBay will redirect to my phishing net. Very slick," writes one reader. Reports of new, unique phishing email messages to the Anti-Phishing Working Group (APWG) reached 12,845 last month, 42 per cent up on December 2004. APWG reports a larger number of firms are targeted in these attacks as fraudsters look to hook customers of smaller financial institutions as perennial favourites such as Citibank and eBay. UKFast is not tresponsible for the content of external Internet sites.

print this article

Return to internet news headlines
View Internet News Archive

Share with: