© www.staysafemagazine.co.uk Scam Alerts 2014 StaySafe Magazine Scam Alert Service

Page 1

EBay Listings manipulated to Con Users

into handing over Personal Details

A large volume of eBay customers have contacted the BBC in response to

hundreds of listings designed to steal online user credentials and subsequently,

bank account details. EBay allegedly was reluctant to take action upon contact

from distressed customers, despite reports of bogus listings since earlier in

February this year.

Genuine user accounts had been ceased and were used to generate listings. The

accounts were those of merchants with a good reputation, high levels of feedback

and a long history of selling through eBay.

In one instance, a seller was charged £35 for the auction of items whilst he had

been unable to access his account. Upon contacting eBay regarding the matter,

the seller received an email stating that account hijacks are usually the result of

the sharing of user credentials.

© www.staysafemagazine.co.uk Scam Alerts 2014 StaySafe Magazine Scam Alert Service

Page 2

Phony listings would redirect potential customers to a genuine looking site that

requested login details and bank account details. Scripture incorporated into

some websites and sellers pages such as JavaScript and Flash, can be used to

make pages look more animated or attractive. On the other hand, they also

increase the vulnerability of malicious code being added in by hackers. The act is

known as ‘cross-site scripting.’

EBay have denied intentions of removing the ability for sellers to add active

content and reassured that they will continue to monitor the security of listings.

Experts are calling for these features to be disabled until the problem has been

resolved.

“If they can’t make it work without the risk of exposing users to cross-site

scripting, they shouldn’t allow it,” said security expert from F-secure.

“Sellers do use active content, but I expect a very large proportion of needs could

be fulfilled with some eBay-provided JavaScript which has been carefully checked

for safety by eBay,” said Dr Steven Murdoch of University College of London.

EBay could be at risk of losing consumer confidence and may now have to change

both the prevention and resolution methods surrounding security issues.

Nonetheless, some security experts have suggested that this may be a difficult to

implement, if the website is to remain user friendly.

StaySafe Magazine and its on-line journal contain an outsized quantity of key

information and stories regarding current scams & criminal behavior.

Follow us for Stay Safe: