Almost fallen into an ebay phishing trap

Didier

For those who sell on ebay, I want to report how I almost fell into a phishing trap. Maybe this trick has already been reported here, but I guess it's worth calling attention to these methods again.

I have listed several items at ebay. Then another member contacted me through "Ask seller a question" (I have checked the mail's header; it really came through ebay).

This member asks me if my item is the same as at - and then came a link "stores.ebay.com/..." which is a link to an actually existing ebay shop page.

Now this page contains userside javascript that forwards you to a new site outside of ebay, which wants your username/password. I was a bit confused and had already typed my username in, when I realized something must be wrong and the domain is not ebay. It's the first time a phisher could lead me so far, usually I smell their tricks long before.

I then checked the member who asked me through my auction. His name is "fishin-florida" (nomen est omen), he's got 1 feedback and the membership is already cancelled. Then I called the stores.ebay.com url again, with javascript disabled (BTW, easy to do with the more than useful web developer toolbar for firefox).

Now, without javascript, this shop page could not forward me to the phishing site, and showed a regular ebay store front end, selling "nudie jeans". By checking the code I quickly found the forwarding script. This shop is still online, the forwarding still works though I have reported it to ebay 16 hours ago. I just got the usual meaningless automated answer from them. I do not post the store link here as I don't help these jerks to hijack ebay accounts.

For years ebay has been told not to admit userside javascript, but they still do, and it's still a security hole. Can't understand them.

Didier
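
The check described in the post above (reading the page source for a forwarding script and comparing the destination's domain), as an added example that is not part of the original post or anything eBay provides. The sample HTML, the `.example` host and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Script statements that navigate the browser to a quoted URL.
NAV_RE = re.compile(
    r"""\b(?:location(?:\.href)?\s*=|location\.(?:replace|assign)\s*\(|window\.open\s*\()"""
    r"""\s*["']([^"']+)["']""", re.I)
META_URL_RE = re.compile(r"url\s*=\s*['\"]?([^'\">\s]+)", re.I)

class RedirectFinder(HTMLParser):
    """Collects navigation targets from inline <script> and <meta refresh>."""
    def __init__(self):
        super().__init__()
        self.script, self.targets = None, []   # script: buffer while inside <script>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self.script = []
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            self.targets += META_URL_RE.findall(a.get("content") or "")

    def handle_data(self, data):
        if self.script is not None:
            self.script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self.script is not None:
            self.targets += NAV_RE.findall("".join(self.script))
            self.script = None

def same_site(host, trusted):
    """True only for the trusted domain or a real subdomain, never a look-alike."""
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def off_site_redirects(html, page_url, trusted):
    """Absolute URLs the page would navigate to that leave the trusted domain."""
    finder = RedirectFinder()
    finder.feed(html)
    finder.close()
    urls = (urljoin(page_url, t) for t in finder.targets)
    return [u for u in urls if not same_site(urlsplit(u).hostname, trusted)]

# Constructed store page: one relative refresh, one off-site script redirect.
SAMPLE = """<html><head>
<meta http-equiv="refresh" content="30; url=/constructed-store/page2">
<script>window.location.href = "http://signin.ebay.com.account-check.example/ws/";</script>
</head><body>Store front</body></html>"""

if __name__ == "__main__":
    print(off_site_redirects(SAMPLE, "http://stores.ebay.com/", "ebay.com"))
```

This is a static check on literal URLs only; a script that builds its destination at run time will not be caught by it.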
 
I wish there was a viable alternative to eBay. It is really getting ridiculous with all the phishing and they are indeed becoming more and more sophisticated. It is getting to the point where you can't trust any message coming from/through eBay.
 
Must be quite a new scam, Didier - same happened to me a week ago, and I was just about to type my username when I realised something was up.

Like you, my antennae are pretty sensitive to such things, and this is the first time I've managed to be suckered so far.

Be careful out there...
 