SAN JOSE – eBay is fighting to repair a software glitch that opens the door to phishing attacks by criminals to create an actual eBay link that redirects customers to a malicious site.
Phishing schemes typically use e-mail messages that look like they come from a trusted service provider to dupe people to into visiting a malicious Web site that has been set up to steal the victim’s personal information, such as credit card number. Phishing is one of the leading tools of identity fraud.
eBay has repeatedly warned its customers not to respond to such e-mails, and has even adopted a messaging system to eliminate the need for most e-mail correspondence with its registered members, CNET.Com reported.
This latest phishing issue for eBay differs in that it uses a legitimate URL to hook victims and send them to a malicious site. The flaw may have already allowed individuals to use one of eBay’s URLs to trick unsuspecting parties into visiting malicious sites, the company representative said.
An eBay official said the number of phishing threats aimed at the company have “exploded” over the last year. The spokesman said he doubts that the problem will slow down anytime soon.
