Scam goes after eBay users
EBay (EBAY) customers are being targeted by fraudsters intent on stealing their user names and passwords.
The Better Business Bureau is warning of a scam in which eBay users viewing listings on the e-commerce site are surreptitiously moved onto a series of other sites. Typically, the user will encounter a listing with a particularly tempting price and then click. That starts a process that moves the user from site to site and ultimately to an eBay look-alike log-in page.
"If you input your user name and password, it will end up in the hands of scammers," the consumer watchdog said.
The bureau urged eBay users to beware of listings that take users off of eBay itself. Giving a crook access to your eBay log-in and password will allow them to launch "phishing" attacks to get still more information. And, if you're like many people and use the same password on multiple sites, you'll have opened the door to those, too.
"How does this happen? eBay permits sellers to use Javascript and Flash to add design elements to their listings," the BBB said. "But this flexibility allows scammers to add malicious code instead, a practice called cross-site scripting."
To avoid the scam, the group urges consumers to be sure to check the browser bar for the web address you're on before entering any information. In addition, check to see if the address has the HTTPS designation and the symbol of a lock to ensure the connection is secure. Lastly, the BBB says consumers should be skeptical of any listing supposedly on eBay with a suspiciously low price.
Additional information about scams targeting eBay is available on the company's fraud prevention page.
In May, eBay asked 145 million users to change their passwords after hackers breached the company's corporate network and stole employee log-in data. No customer account information was stolen in the attack, eBay said at the time.