Scripts in eBay Postings May Enable Phishing Attacks
The eBay web site may contain pages that affect various web browsers.
A vulnerability in the eBay web site may allow an attacker to steal personal information from eBay customers.
Verify the legitimacy of eBay web pages
eBay allows users to incorporate a type of code, also known as scripting, into the auction descriptions on its web site. An attacker can use this code to modify pages on eBay's web site or redirect you to a malicious web page. These may appear to be legitimate eBay web pages that request personal information. Using these techniques, an attacker may be able to collect your passwords, credit card numbers, or other personal information.
Please see US-CERT Vulnerability note VU#808921 for details and additional workarounds.
- US-CERT Vulnerability Note VU#808921 - <http://www.kb.cert.org/vuls/id/808921>
- Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/>
- Avoiding Social Engineering and Phishing Attacks - <http://www.us-cert.gov/cas/tips/ST04-014.html>
- Understanding Web Site Certificates - <http://www.us-cert.gov/cas/tips/ST05-010.html>
- eBay's Spoof Email Tutorial - <http://pages.ebay.com/education/spooftutorial/spoof_3.html>
- eBay Security Center - <http://pages.ebay.com/securitycenter>
Feedback can be directed to the