eBay fixes redirect phishing flaw


According to The Register, eBay have plugged a hole in the eBay sign-in page which allowed phishers to capture users’ data. Unlike most phishing scams, this one actually directed the user to the official eBay sign-in page prior to redirecting them to the scammer’s site. Once at the scammer’s site you were presented with a page which looked like the authentic eBay page, but with a failed logon as if you’d mistyped your eBay password. jjncj.com points out two issues:

1) If you had checked the URL and the security certificate before you signed in, you might not check them the second time and so enter your information again.
2) It was using eBay’s own sign-in procedure to redirect you to a phishing page.

jjncj.com provides an example of a hacked (but in this case fairly harmless!) URL which would previously have redirected back to their blog. It now produces an eBay page stating the site is unable to redirect, proving that eBay have closed the loophole.

eBay redirect fixed

The Register points out that this isn’t the first time eBay have had security flaws where hackers made use of redirects from the site, although this one was fixed considerably quicker than the last.
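The loophole described above is a sign-in page that forwards the user to whatever destination the link names. One way to refuse such destinations, as an added example that is not eBay's code: the host names, the allowlist and the function names are assumptions for illustration, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumed allowlist and fallback for illustration (reserved .test names).
ALLOWED_HOSTS = {"www.example-shop.test", "signin.example-shop.test"}
DEFAULT_TARGET = "https://www.example-shop.test/"


def is_safe_redirect(target):
    """True only for an https URL whose host is exactly on the allowlist."""
    if not target or target != target.strip():
        return False
    # Browsers read "\" as "/" and drop control characters, so such input
    # can parse differently in the browser than it does on the server.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":  # also rejects "//host/" and "javascript:"
        return False
    if parts.username is not None or parts.password is not None:
        return False  # "https://trusted@other/" really points at "other"
    if port not in (None, 443):
        return False
    # Exact match: suffix or substring tests would accept look-alike hosts.
    return parts.hostname in ALLOWED_HOSTS


def resolve_redirect(target):
    """Return (url, allowed); refused targets fall back to the home page."""
    if is_safe_redirect(target):
        return target, True
    return DEFAULT_TARGET, False


# Constructed sample values for the post-sign-in redirect parameter.
SAMPLES = [
    "https://www.example-shop.test/myaccount",
    "https://blog.example.net/",
    "https://www.example-shop.test.other.example/",
    "https://www.example-shop.test@other.example/signin",
    "//other.example/",
    "http://www.example-shop.test/",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(resolve_redirect(s), "<-", s)
```

Only the first sample is followed; every other one falls back to the default page, which corresponds to the "unable to redirect" behaviour the post describes.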
