eBay Flaw Leads to Password Harvesting

The BBC is reporting that eBay suffers from a security flaw that has existed for months. eBay has been criticized for not responding quickly enough.

The flaw causes users who click on listings to be redirected to a malicious, “password-harvesting” site. According to another article, the malicious site asks users for their eBay login and password. It may be easy to fall prey to this scheme because you may think you forgot to log in when you first started browsing on eBay.

The ultimate responsibility for fixing this flaw lies with eBay. Users should not have to shop in a state of constant paranoia, worrying that they may have clicked a malicious link. However, there are a few ways you may be able to protect yourself:

1. Don’t log in through a link that you have to click on. Log in to eBay from a link that you have bookmarked and know to be legitimate. If you are asked to log in again one minute after you have just logged in, something fishy is going on. Note that some sites do ask logged-in users to enter their password again when they try to change certain settings, such as account details. In this case, see #2.

2. Always check the URL of the site you are being asked to log in to. The URL can be found in your browser’s address bar. Some browsers even highlight the domain of the URL you are visiting, making it easier for you to spot fake links. If you see asdf.net highlighted instead of eBay.com, don’t enter your password.
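The check in #2, written out as code. This is an added example, not part of the original article or anything eBay publishes: it uses the standard `URL` parser to extract the host a browser would actually connect to and compares it with the expected domain. The function name and all sample URLs are constructed for illustration.

```javascript
// Added example: decide whether a login page's URL really belongs to the
// domain you expect. TRUSTED_DOMAIN and every sample URL are constructed.
const TRUSTED_DOMAIN = "ebay.com";

function checkLoginUrl(rawUrl, trusted = TRUSTED_DOMAIN) {
  let url;
  try {
    url = new URL(rawUrl); // same parsing rules the browser applies
  } catch {
    return { trusted: false, host: null, reason: "not a valid absolute URL" };
  }
  // The parser lower-cases the host; drop a trailing root dot if present.
  const host = url.hostname.replace(/\.$/, "");
  // Accept the domain itself or a true subdomain. The leading dot in the
  // suffix test is what stops "notebay.com" from matching "ebay.com".
  const ok = host === trusted || host.endsWith("." + trusted);
  return {
    trusted: ok,
    host,
    reason: ok ? "host is inside " + trusted : "host is outside " + trusted,
  };
}

// Constructed samples: the brand name appears in every one of them, but
// only the first two resolve to a host under ebay.com.
const SAMPLES = [
  "https://signin.ebay.com/login",            // real subdomain
  "https://www.eBay.com/",                    // case does not matter
  "https://ebay.com.asdf.net/signin",         // brand used as a subdomain label
  "https://ebay.com@asdf.net/signin",         // brand placed before "@" (userinfo)
  "https://asdf.net/?next=https://ebay.com/", // brand only in the query string
  "https://notebay.com/",                     // brand as a suffix of another name
];

function runSamples() {
  return SAMPLES.map((s) => ({ url: s, ...checkLoginUrl(s) }));
}

for (const r of runSamples()) {
  console.log((r.trusted ? "OK   " : "STOP ") + r.host + "  <-  " + r.url);
}
```

The `host` column is the part a browser highlights in the address bar; everything else in the URL can contain the brand name without meaning anything.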

