eBay Germany allows phishers free rein

No primary category set

Creative Commons License photo credit: ToastyKen

This week Auctionbytes were given a live demonstration on how phishers can capture eBay user names and passwords.

Falle-Internet.de explained that viewing an auction containing certain code could capture your personal information from eBay, and clicking links could also capture your eBay password.

In the UK all but the most basic types of for all users. Germany however has different rules allowing experienced sellers to in their auctions. eBay UK told us each eBay country site have discretion on “how to run their business to suit their marketplace” and this includes whether to allow javascript in auctions. In the UK it is not possible to use the offending code, so all UK auctions are safe to view.

Viewing an auction listed on eBay Germany even though you are logged into eBay.co.uk could still allow the malicious code to execute, the only safe way to view these auctions is to block scripts from running in your browser.

Our recommendation for all sellers would be to use a seperate eBay account for buying. If you’re browsing auctions especially from Germany make sure that you’re logged out of your main selling account. That way, if you’re unfortunate enough to have an account hacked, at least it won’t impact your income.

2 Responses

  1. No Problem. It won’t affect me and the millions of eBayers that use FireFox and the NoScript extension to disable eBay’s bloated javascript functions. Anyway the eBay sites all respond faster when you have javascript disabled.

  2. I think the reverse is correct: millions of ebay users DONT block java and flash !

    But who cares….in the end ebay is all about transferring the wealth from the rich countries to the poor.

    at least to russia, romania and nigeria….

RELATED POSTS..

eBay 3PM Shield acquisition bolsters ability to identify fakes

eBay 3PM Shield acquisition bolsters ability to identify fakes

Graham-Forsdyke-The-man-who-changed-British-retail-forever

Graham Forsdyke – The man who changed British retail forever

Amazon-warn-of-hacked-Amazon-accounts-issue-account-recovery-advice

Amazon warn of hacked Amazon accounts – issue account recovery advice

smoking-01

66% of products from online marketplaces failed safety tests

Trust-but-Verify-Whitepaper

“Trust but verify”: Bridging the trust gap in ecommerce

Featured in this article from the ChannelX Guide – companies that can help you grow and manage your business.

Latest

Take a look through a selection of the latest articles on ChannelX

Register for Newsletter

Receive 5 newsletters per week

Gain access to all research

Be notified of upcoming events and webinars