BBB Warns of eBay Scam

Cross-site scripting allows thieves to appear like the real thing…

The Better Business Bureau is warning consumers of a very common online scam. Next time you shop on eBay, watch out for it. Con artists are exploiting a vulnerability in eBay’s editing feature to redirect online shoppers to lookalike websites that can steal passwords.

How the Scam Works:

You are shopping on eBay for a laptop, cell phone or other popular item, and you see a listing with a great price. You click on it, but instead of taking you to the item’s page, it reroutes you through a series of websites. You end up at a page requesting your eBay username and password.

Don’t enter it! The site might look like eBay’s login page, but it’s really a different website. If you input your username and password, they will end up in the hands of scammers. This gives hackers the ability to access your account and, if you use the same password for other websites, a free pass into other accounts.

How does this happen? eBay permits sellers to use JavaScript and Flash to add design elements to their listings. But this flexibility allows scammers to add malicious code instead, a practice called cross-site scripting.

How to Protect Yourself from this Scam:

Check the URL of the website. Before entering your password or any other information, make sure you are on the correct website. Check the URL in the browser bar.

Look for a secure connection. Make sure your personal information is being transmitted securely by ensuring the web address starts with “HTTPS” and has a lock icon.

Be wary of listings that look too good to be true. Be suspicious of listings that have prices significantly lower than those listed elsewhere. It could just be a ploy to get clicks.
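The URL and HTTPS checks above can be written out as code. The sketch below is an added example, not eBay's or BBB's code; the function name, the trusted-domain list and the sample URLs are constructed for illustration. It shows why the host has to be compared exactly rather than by looking for "ebay.com" somewhere in the address, and why HTTPS on its own does not identify the site.

```javascript
// Added example. Assumption: the shopper expects a login page on ebay.com
// or one of its subdomains. All URLs below are constructed samples.
const TRUSTED_DOMAINS = ["ebay.com"];

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  // A lock icon only means the connection is encrypted; it is necessary
  // but says nothing about who runs the site.
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // Text before an "@" is a username, not the host: in
  // https://ebay.com@login.example/ the real host is login.example.
  if (url.username || url.password) {
    return { ok: false, reason: "credentials embedded before the host" };
  }
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  // Match the whole host or a dot-separated suffix, so that
  // signin.ebay.com passes but ebay.com.account-check.example does not.
  const trusted = TRUSTED_DOMAINS.some(
    (d) => host === d || host.endsWith("." + d)
  );
  return trusted
    ? { ok: true, reason: "host is " + host }
    : { ok: false, reason: "host is " + host + ", not the expected site" };
}

// Constructed samples: one genuine-looking host and four lookalikes.
const SAMPLES = [
  "https://signin.ebay.com/login",
  "http://signin.ebay.com/login",
  "https://signin.ebay.com.account-check.example/login",
  "https://ebay.com@login.example/",
  "https://ebay-com.example/signin",
];

for (const s of SAMPLES) {
  const r = checkLoginUrl(s);
  console.log((r.ok ? "OK     " : "REJECT ") + s + "  (" + r.reason + ")");
}
```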

For More Information:

Learn more about eBay scams on their website. To find out more about other scams, check out BBB Scam Stopper.