01/20/2014 Last Updated
Watch as this scam listing and 2 others use an uncorrected XSS (Cross-Site Scripting) vulnerability and whisk me off to a hacked website. Phishing Fraud and Identity Theft can then occur!
Fraudsters hack a website and create a directory just above its public root. They then upload their scripts, images, etc. Then they plant their sucker bait and wait for a victim to swallow the hook.
I know we have been reporting this kind of phishing fraud for more years than I can count.
In our archives there are several other cross-site scripting redirects. Here is one that even authenticated your credentials. And the horny-housewife redirects. There are many more where those came from. This XSS Cross-Site Scripting Redirect Scam is really, really old.
eBay Motors is constantly and proactively monitoring the site to prevent and address possible fraudulent behavior. As part of this monitoring, eBay Motors has identified recent redirect issues and has implemented specific safety measures, including updating our detection systems with a filter to identify this particular behavior. These additional protections should supplement smart shopping habits, including reviewing seller ratings, communicating with sellers and confirming transaction details through My eBay before making a purchase, and never paying for a vehicle via instant cash-transfer methods. eBay Motors also offers free vehicle history reports and a Vehicle Purchase Protection program for transactions that occur on the site, to help ensure the 10 million visitors coming to the site each month interact in a safe, trusted marketplace.
I feel that a company should be responsible for the safety of their shoppers. Don’t matter if you’re shopping online or in a brick and mortar store. Apparently eBay does not see it that way. Maybe some form of government regulation might help.
In my opinion eBay has no motivation to keep their shoppers safe. eBay is NOT Legally Responsible if you wind up getting redirected off their website and get phished!
Here is a video where Doc used Mozilla’s Firefox browser with an extension called NoScript to stop the redirect and view and capture its source code.
WATCH your Web Browser’s URL Window to see what website you are on!