Online retailer eBay is back in the news again, in yet another event to the never-ending hacker saga that is distinguishing secure sites from non-secure ones.

eBay was hacked again recently using a phishing technique, in which users log onto the site that says, “eBay,” looks like an eBay site with which users are familiar, but is actually an artificial site designed by hackers to trick users into supplying their username and password. Hackers then steal the information used to log into the site and can do with the information whatever they’d like. The hackers made sure that users would access the fake eBay website by uploading products that would then lead users into the fake product order pages that looked legitimate.

eBay said in response that the product phishing pages aren’t a new tactic, but an old one: “This is not a new type of vulnerability on sites such as eBay. This is related to the fact that we allow sellers to use active content like Javascript and Flash to make their eBay listings more attractive. However, we are aware that active content may also be used in abusive ways. Cross-site scripting is not allowed on eBay, and we have a range of security features designed to detect and then remove listings containing malicious code,” said an eBay spokesperson.

From eBay’s own words, the company recognizes the risk that hackers pose to the site, but still allows Javascript and Flash to be used in order to bring business and online web traffic. In other words, the company wants to protect its users, but not at the expense of the bottom dollar.

Google denies hacking into nearly 5-million Gmail accounts, but 60% of data still legitimate

eBay has had incidents such as this happen before, with one recent incident relating to the company’s corporate account. Users were told that they should reset their username and password in the event that their account could become susceptible to hackers. The company is under scrutiny from users because it delays its response when alerted as to a possible site hacking.

Even more disconcerting is the fact that eBay also owns PayPal, and PayPal is a commercial site used to store the income of independent contractors, businessmen, and average consumers who want to have access to digital funds on the Web.

Russian hacker gang accused of largest data breach known in Internet history

Phishing is a familiar hacking tactic, and users are urged to look up the site they want to use before going to just any website that says “eBay.” When in doubt, use your familiar mobile app on your phone that you’ve downloaded from Google Play or the iOS App Store. Another way to remain safe is to be sure to bookmark the official eBay site (or any other) so that you need not fumble for it on your device (typing the URL, for example,) when you want to access it. You can also save the site to your home page and click on the icon when you want to access the site.

These are just a few ways to avoid being the victim of a phishing scheme. Anyone can believe they’re immune from such phishing attacks until it happens to them. Don’t be fooled; take precautions to protect yourself and your mobile experience.


Please enter your comment!
Please enter your name here