Upload
staysafe-magazine
View
17
Download
2
Embed Size (px)
Citation preview
© www.staysafemagazine.co.uk Scam Alerts 2014 StaySafe Magazine Scam Alert Service
Page 1
EBay Listings manipulated to Con Users
into handing over Personal Details
A large volume of eBay customers have contacted the BBC in response to
hundreds of listings designed to steal online user credentials and subsequently,
bank account details. EBay allegedly was reluctant to take action upon contact
from distressed customers, despite reports of bogus listings since earlier in
February this year.
Genuine user accounts had been ceased and were used to generate listings. The
accounts were those of merchants with a good reputation, high levels of feedback
and a long history of selling through eBay.
In one instance, a seller was charged £35 for the auction of items whilst he had
been unable to access his account. Upon contacting eBay regarding the matter,
the seller received an email stating that account hijacks are usually the result of
the sharing of user credentials.
© www.staysafemagazine.co.uk Scam Alerts 2014 StaySafe Magazine Scam Alert Service
Page 2
Phony listings would redirect potential customers to a genuine looking site that
requested login details and bank account details. Scripture incorporated into
some websites and sellers pages such as JavaScript and Flash, can be used to
make pages look more animated or attractive. On the other hand, they also
increase the vulnerability of malicious code being added in by hackers. The act is
known as ‘cross-site scripting.’
EBay have denied intentions of removing the ability for sellers to add active
content and reassured that they will continue to monitor the security of listings.
Experts are calling for these features to be disabled until the problem has been
resolved.
“If they can’t make it work without the risk of exposing users to cross-site
scripting, they shouldn’t allow it,” said security expert from F-secure.
“Sellers do use active content, but I expect a very large proportion of needs could
be fulfilled with some eBay-provided JavaScript which has been carefully checked
for safety by eBay,” said Dr Steven Murdoch of University College of London.
EBay could be at risk of losing consumer confidence and may now have to change
both the prevention and resolution methods surrounding security issues.
Nonetheless, some security experts have suggested that this may be a difficult to
implement, if the website is to remain user friendly.
StaySafe Magazine and its on-line journal contain an outsized quantity of key
information and stories regarding current scams & criminal behavior.
Follow us for Stay Safe: