Threaded Mode | Linear Mode

***regic*** · 10-23-2006, 03:41 PM,

Quote:On the 4th of October 2006 a buyer who had been scammed on ebaY Motors using a second chance offer and had previously reported the scam to ebaY, was told that ebaY was not responsible, quoth the email, " Please keep in mind that we do include information on the messages sent through our system as well as on our site that state items should not be purchased outside of the eBay platform and should not be paid for using Western Union." The problem is, that as far as the buyer knew, the purchase WAS made on the ebaY platform, by going to ebaY, through the buyers normal links - NOT an email link - logging on to ebaY - NOT a third party site - and clicking on the second chance offer on ebaY's listing page. When the page opened, the buyer then clicked Buy It Now, his personal information was populated into a confirm shipping address page with his name and address from ebaY's servers, and when he got to the Pay Now page he was given the option of Western Union Wire Transfer, which (unfortunately) he used...

full article: http://auctionguild.blogspot.com/2006/10...acked.html

Anita · 10-23-2006, 07:02 PM,

What ebaY has always told users is that as long as you come to ebaY directly, and log in to ebaY directly, and complete the sale on ebaY, you are safe. This is no longer true.

***mandy*** · 11-08-2006, 08:28 AM,

A followup article from The Auction Guild's email newsletter:

Quote:EBAY REDIRECT PHISHING SCAMS MULTIPLY
************************************************************
The hackers and scammers continue to get through ebaY's bad coding and subvert
the site. The redirect schemes are going on both ebaY Motors and the main ebaY
site.

In addition to the ebaY Motors scam we previously reported on, a second
information (phishing) scam is prevalent on ebaY. Usually the victim is lured in by a
scantily clad woman, on a listing where such an image is entirely inappropriate.
Often when a user tries to report the listing, or clicks on something in the listing, a
pop up appears asking them to log in to ebaY. The victim fills out the information
in the pop up, and this info goes right to the scammer who now has access to the
persons complete ebaY account.

Protect yourself, and your friends and family. Never input your info in a pop up,
only through your normal access links. Block pop ups, block flash, block JavaScript,
especially on ebaY. If the listing requires pre approval to bid, and it sounds like a
great deal - be suspicious.

As always, ebaY will only end items that are reported, and sometimes not even then.
They do not appear to be doing anything to either fix their coding, or to monitor for
these listings themselves. Their big solution is to hide user IDs for buyer who bid
over $200. All that will do is help the shill bidders - but what the heck - the higher
the bid the more ebaY makes, so why do they care if the bidding is illegal.

http://www.auctionguild.com

***mandy*** · 11-14-2006, 09:38 AM,

Another report of an unpatched redirection flaw on the eBay site:

Quote:A redirection script error on eBay's site remains open to abuse 18 months after The Register first reported it.

The flaw - actively exploited in phishing scams since February 2005 - creates a means to make fraudulent emails look more convincing.

Shortly after publishing a report on the problem, eBay assured us that it had plugged the hole. Despite this the site remains open to abuse through the same back door, as an email from Reg reader Adrien this week reminds us...

full article: http://www.theregister.co.uk/2006/11/13/...tion_ruse/

sneakymagenta · 11-14-2006, 11:02 PM,

Is this the same bug ?