Slashdot Mirror


eBay Scrambles to Fix Phishing Bug

Paul Laudanski writes "c|net is reporting that eBay is scrambling to fix a software glitch which opens doors to phishing attacks via one of its own valid URLs. "The flaw may have already allowed individuals to use one of eBay's URLs to trick unsuspecting parties into visiting malicious sites, the company representative said.""

8 of 131 comments

  1. That's the problem with e-mail correspondence. by Sheetrock · Score: 4, Insightful
    Companies are so quick to doll up their e-mails with the latest HTML -- images, links, and tables -- that their customers are getting used to using e-mail as a portal to company sites.

    It should be a text-only medium, period. No attachments, no graphics, no opportunity to get someone to click before they think.

    --

    Try not. Do or do not, there is no try.
    -- Dr. Spock, stardate 2822-3.




  2. Scrambling? by Ulric · Score: 5, Interesting
    Maybe they are scrambling, but it sure seems like it is still working:

    http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http://siag.nu/

    That's a link to ebay.com which redirects to siag.nu. And it doesn't look like a glitch, it looks like it's on purpose.
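
    As an added example (not code from the thread or from eBay), here is a Python sketch of the check that closes an open redirect of the kind linked above: the unchecked form follows whatever `DomainUrl` says, while the hardened form only redirects when the target's host is on an allowlist and the URL carries no scheme-relative, userinfo or look-alike-host tricks. The endpoint shape, the allowlist and the helper names are assumptions for illustration.

```python
"""Open-redirect check for a RedirectToDomain-style endpoint (added example)."""
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Hypothetical allowlist: the only hosts the site will redirect to.
ALLOWED_HOSTS = {"ebay.com", "www.ebay.com", "cgi4.ebay.com"}


def redirect_target_unchecked(request_url: str) -> Optional[str]:
    """Vulnerable form: honour whatever DomainUrl the request carries."""
    params = parse_qs(urlsplit(request_url).query)
    values = params.get("DomainUrl")
    return values[0] if values else None


def is_allowed_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Accept only absolute http(s) URLs whose host is exactly on the allowlist.

    This rejects the usual bypasses: scheme-relative '//other.example',
    'www.ebay.com@other.example' (userinfo), 'www.ebay.com.other.example'
    (suffix look-alike), and non-http schemes such as 'javascript:'.
    """
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https"):
        return False
    if parts.username or parts.password:   # e.g. https://www.ebay.com@other.example/
        return False
    host = (parts.hostname or "").lower()  # hostname drops port, userinfo and brackets
    return host in allowed_hosts


def redirect_target_checked(request_url: str) -> Optional[str]:
    """Hardened form: return the target only if it passes the allowlist check."""
    target = redirect_target_unchecked(request_url)
    if target is None or not is_allowed_redirect(target):
        return None  # caller should fall back to the site's own home page
    return target
```

Exact host matching is deliberate: a suffix test such as `host.endswith("ebay.com")` would still pass `www.ebay.com.other.example`.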

  3. In other news... by Anonymous Coward · Score: 5, Funny
  4. GPG by SamMichaels · Score: 4, Interesting

    Not just for ebay...but for everyone. Allow users to download the GPG key from inside their account and sign all the legit email.

    I realize that this somewhat complicates things for Grandma and Aunt Agnes, but the general public is going to HAVE to learn to deal with it in an effective way. GPG is an effective way...and PGP Freeware for Windows/Outlook is pretty idiot-proof.

  5. Re:Phishing EBay by X0563511 · Score: 5, Insightful

    Lots of people use the same password for everything. If I were to net a bunch of eBay account passwords, I could stand a decent chance of getting into the PayPal accounts of at least a few of them.

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  6. My advice... by wotevah · Score: 5, Insightful

    ...has always been to never click on emailed links pertaining to anything important, especially banking and such.

    Bookmark all the financial sites you use, and whenever you receive emails with such "friendly" links, use your bookmark instead, to log in to the site. If it was important, you will see it on the next page there.

    I never click on the links even when I know they are legit (to avoid forming a habit).

  7. Re:Phishing EBay by John+Miles · Score: 4, Informative

    Um, no, that's the whole thing... there aren't any goods to mail.

    The idea is, I use your account to post an auction for an expensive piece of equipment with a glowing description stolen from another successful auction, photos courtesy of Google Image Search, and a Buy It Now price around 20% of retail. The victim hits the BIN button and, at my request, sends me a Western Union transfer to pay. That's the last anyone hears from me.

    Typically this scam is operated from Internet cafes in Eastern European countries with twentieth-century technology and twelfth-century ethics.

    --
    Dahlmann tightly grips the knife, which he may have no idea how to use, and steps out into the plain.
  8. Re:not hard by fireheadca · Score: 4, Insightful

    In other words, don't be stupid and just randomly enter your password in sites asking for "updates"...

    For some phishes, I take the time to log in with fake IDs and passwords, making sure to insult the scumsucking bastards. Then I do a network lookup on them and try to email the corresponding ISP. Very easy to do and protects others.

    Vigilantism at its best! Everyone do the same.