eBay Phishing Scam Exposes a Dangerous Security Leak
Earlier this evening Duane (my biz partner) noticed something strange about an eBay results page.
He went to this eBay results page for a 2006 Seadoo Sportster and clicked on the second listing:
The click on the listing was redirected through http://webskin.iscd.it/icons/wsmotors/kebay/redirect.html?varianta=8 and ended up at
http://cgisignin.ebay.com.selectarh.com.br/%20/ws1/ebaymotors/kebay/ViewItem.php?item=330132876757&price=6,999.00
which is a near-exact reproduction of the eBay auction page, but hosted on a phishing domain. Note that the real registered domain is selectarh.com.br; the "cgisignin.ebay.com" part is just a subdomain prefix chosen to make the address look like eBay's. Of course, if you try to buy the item you have just handed over your eBay username and password and possibly your payment information. The unusually low price is what caught Duane's attention in the first place.
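The deception in that address relies on the brand name sitting in the leading labels of a hostname that actually belongs to someone else. The following is an added example (not code from the original post) showing the check a defender would apply: only the trailing labels of the host decide ownership, and brand words appearing earlier in a non-eBay host are flagged as look-alike bait. The allowlist of legitimate eBay domains and the first, legitimate-looking sample URL are assumptions constructed for this example; the second sample is the (long defunct) phishing URL quoted above.

```python
from urllib.parse import urlsplit

# Assumption for this example: registrable domains eBay actually controls.
# A production check would use a full allowlist plus the Public Suffix List.
LEGIT_DOMAINS = ("ebay.com",)
# Words a phisher places in leading labels to impersonate the brand.
BRAND_LABELS = ("ebay", "signin", "cgisignin")


def host_of(url: str) -> str:
    """Extract the lowercase hostname from a URL (empty string if none)."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def is_legit_ebay_host(host: str) -> bool:
    """True only if the host *ends with* a legitimate eBay domain.

    foo.ebay.com is eBay's; ebay.com.example.br is not, whatever it starts with.
    """
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def lookalike_labels(host: str) -> list[str]:
    """Brand-like labels found anywhere in a hostname, in order of appearance."""
    return [label for label in host.split(".") if label in BRAND_LABELS]


def classify(url: str) -> dict:
    """Classify a URL as 'eBay', 'lookalike' (brand words on a foreign host) or 'unrelated'."""
    host = host_of(url)
    legit = is_legit_ebay_host(host)
    bait = [] if legit else lookalike_labels(host)
    verdict = "eBay" if legit else ("lookalike" if bait else "unrelated")
    return {"host": host, "legit": legit, "lookalike": bait, "verdict": verdict}


# Constructed samples: a plausible legitimate listing URL (assumed, not verified
# against eBay's real URL scheme) and the phishing URL quoted in the post.
SAMPLES = [
    "http://cgi.ebay.com/ws/ViewItem?item=330132876757",
    "http://cgisignin.ebay.com.selectarh.com.br/%20/ws1/ebaymotors/"
    "kebay/ViewItem.php?item=330132876757&price=6,999.00",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = classify(sample)
        print(f"{result['verdict']:<10} {result['host']}  bait={result['lookalike']}")
```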
Even with meta redirects and JavaScript turned off, the eBay listing still jumps to the phishing domain. It looks like the redirect is triggered by Flash embedded in the listing page, so it happens without anyone noticing.
There seems to be a pretty serious Flash exploit out there - this could affect a lot more websites than eBay.



Louisville Real Estate said,
June 15, 2007 @ 12:07 pm
I have seen this scheme before myself, and the reproduction is so realistic that you really do believe eBay is asking you to enter your login information again. I guess the rule here is to always look at the URL in the browser before you enter any important information.