eBay fixes redirect phishing flaw

No primary category set

According to The Register, eBay have plugged a hole in the eBay sign in page which allowed phishers to capture user’s data. Unlike most phishing scams this one actually directed the user to the official eBay sign in page prior to redirecting them to the scammers site. Once at the scammers site you were presented with a page which looked like the authentic eBay page, but with a failed logon as if you’d mistyped your eBay password. jjncj.com points out two issues:

1) if you had checked the URL and the security certificate before you signed in, you might not check the second time and enter your information again
2) it was using E-Bay’s own sign-in procedure to redirect you to a phishing page.

jjncj.com provides an example of a hacked (but in this case fairly harmless!) URL which would previously have redirected back to their blog, it now produces an eBay page stating the site is unable to redirect proving that eBay have closed the loophole

eBay redirect fixed

The Register points out that this isn’t the first time eBay have had security flaws where hackers made use of redirects from the site, although this one was fixed considerably quicker than the last.


eBay 3PM Shield acquisition bolsters ability to identify fakes

eBay 3PM Shield acquisition bolsters ability to identify fakes


Amazon Counterfeit Crimes Unit calls for government and businesses to work together


Amazon Hidden Links lawsuit against social influencers


Local coppers warn of parcel thefts in Reading


66% of products from online marketplaces failed safety tests

ChannelX Guide...

Featured in this article from the ChannelX Guide – companies that can help you grow and manage your business.


Take a look through a selection of the latest articles on ChannelX

Register for Newsletter

Receive 5 newsletters per week

Gain access to all research

Be notified of upcoming events and webinars