Phishers set hidden traps on eBay

Click on an eBay auction listing, and you could get an unwanted result: a fake eBay login page, created by scammers looking to pilfer your username and password.

With about 181 million users worldwide, eBay is arguably the world's most popular online marketplace. As such, the San Jose, Calif., company, with its online payment unit PayPal, is among the biggest targets for online scammers--including phishers.

Phishing scams use forged Web sites that look like legitimate sites in an attempt to dupe Internet users into giving up sensitive data, such as usernames, passwords and credit card details. Cybercrooks typically use spam e-mail to lure people to their Web traps. But on eBay, they also take advantage of the auction listings on the site itself.

Some of the scams run on the auction Web site are almost invisible to the untrained eye. eBay lets sellers customize their auction pages using Web programming techniques and automated tools. However, attackers are abusing this freedom to build auction pages that include a rigged listing. When potential customers click on the link, it sends them to a phishing site.

eBay is aware of such abuse of its service for trickery by cybercrooks, Catherine England, an eBay spokeswoman, said Friday.

"Our sellers really use the dynamic content aspect of our listings," she said. "The benefits overwhelmingly outweigh the red skin that we have gotten."

CNET News.com reader Neal Cahill of Kansas City, Mo., said he had come across the scam. "When you click on the listing, it runs a script or small program that automatically takes you to a new page that requests login info," he wrote in an e-mail interview.

The page users are redirected to what appears to be an eBay login page, but is in fact a copy stored elsewhere--a classic phishing scam. "This page looks just like the eBay login page, only the Web address is different," Cahill wrote. The bad listings are usually for really appealing items or related to adult entertainment, he wrote.

eBay lists about 78 million items at any given time, and 6 million items are added daily, England said. The company has methods in place to fight fraud and employs about 1,000 people whose fulltime job it is to keep the marketplace safe. But sometimes a page with malicious code does get onto its Web site, she added.

"By the time something gets up there, we're usually so quick to get it and pull it down that it is really a moot point," she said. "We feel that it is not a huge concern or issue--it is miniscule."

Online fraudsters have targeted eBay and PayPal for years using a variety of techniques, including listing design abuse, England said. "This tactic for phishers has been around for a long time," she said.

Despite industry efforts, phishing is still on the rise, and experts predict that scams will become increasingly sophisticated. A record 9,715 phishing Web sites were spotted in January, according to the Anti-Phishing Working Group.

eBay offers a browser toolbar to help protect customers against fake copies of its Web sites. The company also provides extensive security information on its Web site, including a "spoof tutorial."

[Turnabuck]

What A Joke!!

FeeBay employ's 1,000 people to watch 6 million ads a day. eeewwww their tryin real hard to protect the members!

I hate that company!

They are walking all over people in this world...and you people are letting them!

Re-think FeeBay!

[n3td3v]

HACKERS ARE ALLOWED TO ATTACK PHISHINGS NOW, BECAUSE THE RSA SAID SO

http://groups.google.com/group/n3td3v/browse_thread/thread/9529a0dd97661fc5/1d88d9c423f4a7c6#1d88d9c423f4a7c6

[Carbon Based]

YES, eBay is a joke !

1000 people to keep eBay safe ??? Most of them are idiots. I have reported numerous severe violations of listings that had offered CDR software "copies" for sale AND eBay never ended any of the listings. BTW, the listings had blatantly indicated that the items were "copies". Conversly, eBay has suspended many innocent sellers for petty infractions.

[tony_z]

Don't you know they are only paying $1-$2 to those 1000 "experts"

What are you expecting from outsourcing those job to India for $1-$2/hour. They are damn good on marketing. Not much bad news like this get covered. They will do anything to increase their EPS so their stock price will rise. Increase listing price, unrecoverable fee, lower PayPal interest, limit people's PayPal account and "hold" their money for interests... more on @ http://paypalsucks.com

[Turnabuck]

FeeBay idiots!

FeeBay has a responsibility to it?s members to maintain a safe environment. The fact they employ 1,000 people to watch over problem listings is not admirable in any way. The company generates $1,000 per second 24/7. It fails horribly in protecting it?s members from fraudulent transactions. Their practices as a business are insulting to those of us who have the intelligence to see it.

Our company fell victim to their ending of our auctions for minor infractions while these very Phishing sites dominate the featured item listings. Pictures of naked women are the lure. If you visit the ads you fall victim to aggressive script that manipulates your system.

These ad?s go by their ?high security? measures with no problem. Their pulse page is laughable and a disgrace to it?s members. It flaunts off the wall ad?s of idiots selling a hot dog, get rich quick schemes and yes more naked women.

As for the selling of copyrighted material, knock off products etc by it?s members, FeeBay has no desire to stop this practice because their getting paid.

The most disappointing issue is, people support their flagrant disregard to it?s community by joining and forking over their hard earned money due to their greed and beliefs they can get rich quick using this global marketplace.

I hate the company but love naked women.

[richto]

So what?

If it tells you they are copies then its hardly a problem. Not like they are ripping the customers off. Only the pigopolists that produced the CDs in the first place.

Dont you have something better to do with your life? Like getting one?

[suspended4everNo]

copyright infringing laws

eBay tried to be a pain big ass pain n the suscessed, first of all , shill bidding . np suspened back on , months later , they get my for C.R.i.L infridgement sounds like were i keep my snaks, well i said it title, 'vintage style looking quitars' n in my deatails first line was , ' all guiatrs are factory sealed new n come with 100% warrenty , first line!!!!!!!1 , then they say sry 4 weeks ago, after 4 years......... n i called them, a bunch of ******* , they wanted to send me this like 350 page paper n sign it n send it back , i think not...

[Jackson Cracker]

"miniscule"

The actual word is "minuscule".

[richto]

So?

If it tells you they are copies then its hardly a problem. Not like they are ripping the customers off. Only the pigopolists that produced the CDs in the first place.

Dont you have something better to do with your life? Like getting one?

[Earl Benser]

One more reason....

.... not to use Ebay.

[Lyn2132]

Suspended from Ebay

I just found out that I was suspended from Ebay, due to "shill bidding". I never knew what this was, and signed on to 2 of my sisters computers to check my ebay accounts. That said they had Microsoft, and go figure, it saved passwords and login in names...but now I am to blame. I can't even pay for items I have won, so some one else gets jacked also. This has to stop...

[PhilipCohen2]

eBay introduces absolute anonymity for (shill) bidders

In Australia, the UK, Ireland and the Philippines, eBay has obscured auction bidding to the point that genuine bidders have got absolutely no chance of detecting and thereby protecting themselves from ?shill? bidding (a criminal offence in most civilised countries) by unethical vendors. Notwithstanding eBay?s statements to the contrary, this application of absolute anonymity (ie, Bidder 1, Bidder 2, etc) by eBay on these sites serves absolutely no purpose other than to deceive consumers by making even any otherwise obvious shill bidding undetectable; and the same criticism has always been applicable to eBay?s other shill bidders? facility, ?User ID kept private?. Again, notwithstanding eBay?s various pronouncements about shill bidding being banned on eBay, eBay is now effectively (and knowingly) ?aiding and abetting? such shill bidders on these sites, at the expense of consumers. A lengthy critical analysis of this matter at:
http://www.auctionbytes.com/forum/phpBB/viewtopic.php?p=6498345#6498345

I apologise in advance for the length of the above-linked ?rant?. If you are an unethical shill-bidding seller or a buyer who is not concerned that on the above-mentioned national sites eBay is effectively ?aiding and abetting? such shill-bidding sellers to cheat you, read no further.

[PhilipCohen2]

Shill Bidding on eBay: A Case Study

For anyone that is interested, a detailed case study of a blatant shill bidder on eBay, and a comment on eBay?s apparent attitude thereto, at http://www.auctionbytes.com/forum/phpBB/viewtopic.php?t=24033

[jojokinkaid]

There is a forum I found on the internet that is free, and helps with Ebay, PayPal, business and the law. Just post any question, the experts will answer it if it has not already been answered!

The forum has a lot of expert advice on it. http://www.modeeworld.com/forums I found advice there about how to avoid EBAY suspensions, get past PayPal limitations, also lots of detailed help on creating your own business, getting past trademark violations, VERO and lots more. Plus general advice on how best to sell on EBAY, what sells the best, how to get the best price for your product, really everything related to EBAY and internet business.

Also advice about how EBAY really works and how PayPal really works. The inside scoop.

Beautiful forum. I was made a moderator of the forum and I love it!