EBay users have long been the target of phishing attacks and phishing sites, but researchers have now discovered an eBay phishing site that was hosted on the infrastructure of the auction site itself. The phishing site is offered from the domain ebaydesc.com, which is normally used to host the descriptions of goods offered on eBay.
These descriptions are then displayed via an iframe on the eBay website. Instead of a definition criminals have now created a phishing page that asks for the credentials German eBay users. After users enter their data being sent to the real eBay page, which states that the username or password was invalid.
Meanwhile, the entered credentials sent to a server with a Russian IP address. According to Internet company Netcraft that the phishing page offers discovered eBay by allowing HTML and scripts in the making of descriptions, crooks many opportunities to perform phishing attacks.
No comments:
Post a Comment