alphamicro
Newly Enlightened
This happened to me last night. I was browsing the watch listings. There was a new listing shown that was apparently out of place (as there was a provocative thumbnail, definitely not of a watch). Purely in the interest of research, I clicked on the auction. Up popped the eBay login page (just like I hear you would get if you wanted to check out eBay's Mature listings). Guess what, it wasn't eBay. I was redirected elsewhere but didn't catch it at the moment. The next page also looked like eBay and told you that the auction was no longer listed. This time I noticed that the URL wasn't eBay. I went back & did everything again but this time noticed that the login page URL was also funky. I typed a BS password and was sent to the same "auction no longer listed" page. My next move was back to eBay where I immediately changed my password (and then did the same thing in PayPal for good measure). Then I notified eBay about the "auction." If the phisher had been a little more creative with the URL, I doubt that I would have noticed. I've always ignored the e-mail phishing but had no idea that the same thing could happen directly from eBay. I've linked a couple of stories below about this kind of phishing. One shows an eBay login screen shot versus a phisher login screen shot. The basic differences are http vs https in the URL and the lack of the VeriSign Secured logo (which I assume could be faked anyway). This kind of crap could happen with ANY eBay auction. Forewarned is forearmed, I hear. Now that I know about this, I won't fall for it again. I know all of you sophisticated users would never have fallen for this, but I just wanted to pass this on to any other rubes like me out there.
http://news.com.com/Phishers+set+hidden+traps+on+eBay/2100-7349_3-6056687.html
http://www.darkreading.com/document.asp?doc_id=94738&WT.svl=news1_1
http://news.com.com/Phishers+set+hidden+traps+on+eBay/2100-7349_3-6056687.html
http://www.darkreading.com/document.asp?doc_id=94738&WT.svl=news1_1