
eBay listing auto direct phishing like error

By Chris Dawson September 28, 2015 - 10:48 am

There’s a new glitch, which looks very much like a phishing scam, currently live on eBay listings. Not being technical we haven’t a clue how it occurs, but simply by browsing an infected live listing users are being directed to a pseudo eBay login site.

The infected listing that we have seen is the top search result in Best Match for “Heavy Labels”. Clicking on the top search result takes you to a genuine eBay listing, but then the page reloads to direct you to “http://vi.vipr.ebaydesc.co.uk”. This looks like a genuine eBay URL and the domain on which they host eBay listing descriptions, but it should end in .com, not .co.uk. Plus the dodgy listings are taking you to a test area on that domain – vi.sandbox.ebaydesc.co.uk. ebaydesc.co.uk is an eBay AG registered domain, so hopefully this is an error and not a hack.

Why simply viewing a listing is able to redirect you to another domain I don’t know. Some years ago eBay moved to hosting all eBay listings in a separate frame to stop code from descriptions affecting the main eBay site. They also of course have banned code which is easy to use for nefarious purposes such as calling remote scripts and pages automatically (e.g. JavaScript “includes” or “iframes”).

If you see any such code (or strange redirects) on your listings then your listings have been hacked. If you see the behaviour on anyone else’s listings we suggest you close your browser immediately.
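One way a seller could check a saved copy of their own listing description for the kind of code and redirects described above. This is an added example, not eBay's or Tamebay's code; the function names, the tag list and the sample HTML are constructed for illustration, and the only "genuine" host rule it assumes is the article's remark that the description domain should end in ebaydesc.com.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption from the article: genuine description hosts end in ebaydesc.com.
GENUINE_SUFFIX = "ebaydesc.com"
ACTIVE_TAGS = {"script", "iframe", "frame", "object", "embed"}
URL_ATTRS = {"src", "href", "action", "data"}

def is_lookalike(url):
    """True when the host mentions 'ebaydesc' but is not under ebaydesc.com."""
    try:
        host = (urlparse(url.strip()).hostname or "").lower()
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return False
    genuine = host == GENUINE_SUFFIX or host.endswith("." + GENUINE_SUFFIX)
    return "ebaydesc" in host and not genuine

class DescriptionAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # list of (kind, detail) tuples, in document order

    def handle_starttag(self, tag, attrs):
        # HTMLParser already lowercases tag and attribute names.
        if tag in ACTIVE_TAGS:
            self.findings.append(("active-tag", tag))
        for name, value in attrs:
            value = value or ""
            if tag == "meta" and name == "http-equiv" and value.lower() == "refresh":
                self.findings.append(("meta-refresh", dict(attrs).get("content") or ""))
            elif name.startswith("on"):  # inline handlers such as onload, onerror
                self.findings.append(("event-handler", name))
            elif name in URL_ATTRS and value.strip().lower().startswith("javascript:"):
                self.findings.append(("javascript-url", name))
            elif name in URL_ATTRS and is_lookalike(value):
                self.findings.append(("lookalike-host", urlparse(value.strip()).hostname))

def audit(description_html):
    """Return every finding for one listing description, empty list if clean."""
    parser = DescriptionAudit()
    parser.feed(description_html)
    parser.close()
    return parser.findings

# Constructed sample description; hosts other than those named in the article are placeholders.
SAMPLE = """<div><img src="http://vi.vipr.ebaydesc.com/img/label.jpg" alt="Heavy Labels">
<script src="http://cdn.example.test/x.js"></script>
<a href="http://vi.sandbox.ebaydesc.co.uk/ws/login">details</a>
<img src="x.png" onerror="go()"></div>"""

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(kind, detail)
```

Any finding on a description you did not write that way yourself is worth reporting to eBay along with the item number.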

  • Toby
    2 years ago

    Same was reported to eBay a few weeks ago, where someone was emailing us to view one of our listings, in fact it was an iPhone case listing & the description had JavaScript which was loading a fake login “Image”.
    When you entered some random User ID, it redirected to the eBay feedback for that User ID.
    I’ve never understood why someone would want “ebolamonkey” as their user id, although that is what we use on infected logins

  • Andy R
    2 years ago

    We mentioned last year to eBay and on Tamebay that there were live eBay listings containing malware.

    eBay pulled the listing we reported to them but nobody questioned or explained how this could happen on a live eBay listing.

    There is clearly a vulnerability being exploited by the phishing / scamming low-lifes.

    Seems mainly to be far eastern listings for motor parts or electronics.

    • Andy R
      2 years ago

      PS – This is a hack in reality, as these people have clearly got into eBay’s internal system in order to put this malware into a live listing.

      That was why we kicked up a stink over it with eBay: in theory, a live listing on eBay (as opposed to a fake site or mirror site) contained potential threats.

  • Naeia
    2 years ago

    I have been receiving spam e-mail in German for the last few days with a non-existent item no. that links to an address looking like:

    http://vi.vipr.ebaydesc.com/ws/eBayISAPI.dll?ViewItemDescV4&item=(item no)

    All the e-mails come from different e-mail addresses at gmx.de, and my spam filter does not stop them from arriving to my inbox.

    I had not noticed a direct connection with eBay, but according to Chris the URL that the link leads to looks like the domain on which they host eBay listing descriptions, so I have just forwarded the last of these e-mails to spoof@ebay.com.
