Didier
"Deed"
For those who sell on eBay, I want to report how I almost fell into a phishing trap. Maybe this trick has already been reported here, but I guess it's worth calling attention to these methods again.
I have listed several items on eBay. Then another member contacted me through "Ask seller a question" (I have checked the mail's header; it really came through eBay).
This member asked me if my item is the same as the one at - and then came a link "stores.ebay.com/..." which is a link to an actually existing eBay shop page.
Now this page contains user-side JavaScript that forwards you to a new site outside of eBay, which wants your username/password. I was a bit confused and had already typed my username in when I realized something must be wrong and the domain is not eBay. It's the first time a phisher could lead me so far; usually I smell their tricks long before.
I then checked the member who asked me through my auction. His name is "fishin-florida" (nomen est omen), he's got 1 feedback and the membership is already cancelled. Then I called the stores.ebay.com URL again, with JavaScript disabled (BTW, easy to do with the more than useful Web Developer toolbar for Firefox).
Now, without JavaScript, this shop page could not forward me to the phishing site, and showed a regular eBay store front end, selling "nudie jeans". By checking the code I quickly found the forwarding script. This shop is still online, and the forwarding still works though I reported it to eBay 16 hours ago. I just got the usual meaningless automated answer from them. I do not post the store link here as I won't help these jerks hijack eBay accounts.
For years eBay has been told not to allow user-side JavaScript, but they still do, and it's still a security hole. Can't understand them.
Didier
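The source check described in the post (reading the store page's code for a forwarding script and comparing the target domain with eBay's) can be sketched as follows. This is an added example, not part of Didier's post: the function names, the `*.ebay.com` allowlist and the sample page are constructed assumptions, and a regex scan like this only catches plain, unobfuscated redirects.

```javascript
// Assumption: only ebay.com and its subdomains count as "on-site".
const TRUSTED_SUFFIX = "ebay.com";

// True only for ebay.com itself or a real subdomain of it. A plain
// substring test would wrongly accept "signin.ebay.com.login.example.net".
function isTrustedHost(hostname) {
  const h = hostname.toLowerCase().replace(/\.$/, "");
  return h === TRUSTED_SUFFIX || h.endsWith("." + TRUSTED_SUFFIX);
}

// Return the off-site hostnames that inline scripts assign to the location.
function findOffsiteRedirects(html, baseUrl) {
  const findings = [];
  const scriptRe = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  // Matches: location = "...", location.href = "...",
  //          location.replace("..."), location.assign("...")
  const redirectRe =
    /location(?:\.href)?\s*(?:=|\.(?:replace|assign)\s*\()\s*(["'])(.*?)\1/gi;
  for (const script of html.matchAll(scriptRe)) {
    for (const m of script[1].matchAll(redirectRe)) {
      let target;
      try {
        target = new URL(m[2], baseUrl); // resolves relative targets too
      } catch (e) {
        continue; // not a parseable URL, ignore
      }
      const isWeb = target.protocol === "http:" || target.protocol === "https:";
      if (isWeb && !isTrustedHost(target.hostname)) {
        findings.push(target.hostname);
      }
    }
  }
  return findings;
}

// Constructed sample page (not the real store): one off-site redirect,
// one relative on-site redirect, one redirect to a genuine subdomain.
const SAMPLE_STORE_PAGE = `
<html><body><h1>Store front</h1>
<script>var a = 1; window.location.href = "http://signin.ebay.com.login.example.net/ws/";</script>
<script>if (a) { location.replace('/help/index.html'); }</script>
<script>location = "https://signin.ebay.com/";</script>
</body></html>`;

console.log(findOffsiteRedirects(SAMPLE_STORE_PAGE, "https://stores.ebay.com/"));
```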