It would be nice to think that eBay, one of the world’s most popular websites, had its act together when it came to securing its content.
After all, if a hacker were able to boobytrap auction pages on the site to redirect users to a phishing page that asked them to enter their eBay username and password, that would be a pretty bad thing. Right?
Paul Kerr, an eBay PowerSeller and IT worker from Alloa in Clackmannanshire, Scotland, stumbled across some iPhones for sale on eBay which had quite a sting in their tail.
Watch this video to learn more.
Although in this case it was cheap iPhones that were being used as bait to catch unwary eBay users, it could just as easily have been other items that attackers had used to lure surfers into handing over their eBay usernames and passwords.
eBay clearly dropped the ball by allowing the malicious script to find its way into auction entries – it’s the kind of code which should be stripped out of its pages, so there’s no possibility of any harm being done. But, worse than that, why did it require the BBC to investigate before action was taken?
You should always be careful when buying second-hand items, and have your wits about you, especially if they appear to be being flogged off cheaply in a rush because a new model of the phone is coming out.
But I wonder how many people would also expect to have to be on the lookout for phishing attacks when they were harmlessly browsing around eBay?
More details can be found on the BBC News website.