Another eBay Scam: Buyers Being Tricked Into Giving Away eBay Passwords

If you enjoy shopping for bargains on eBay, beware of a new scam that may land you on a look-alike eBay log-in page. Consumers who aren’t aware that they are on the phony site may give scammers full access to their personal account information, including passwords, address and credit card information.

CBS News reports that the latest eBay scam targets users who are viewing listings on the e-commerce site. Simply clicking on an item with a “tempting price” (likely something that’s too good to be true) will move the user to a series of fake sites that look just like eBay. If you’re already logged in and the site asks you for your username and password, that’s a red flag that you may be on a non-eBay site.

The Better Business Bureau states that once you enter your user name and password, your information is immediately in the hands of scammers. If you use the same password on multiple websites, this could lead to an even bigger breach of your personal information, giving these scam artists easy access to other online accounts, including email, banking, and social media accounts.

“How does this happen? eBay permits sellers to use Javascript and Flash to add design elements to their listings. But this flexibility allows scammers to add malicious code instead, a practice called cross-site scripting.”

What’s the best way to avoid the eBay scam? The BBB states that users should pay attention to the web address in the browser bar to make sure they are still on the actual eBay site. Users should see “HTTPS” and a lock symbol, two things that will confirm that the eBay shopper is on a secure site.

It is very important to avoid clicking on any deal that looks too good to be true. If you are shopping for a MacBook Pro computer and suddenly see a listing pop up offering the Apple laptop for $50, one click could lure you into the fake site. Of course, it’s likely that you will be required to login again so the phishing attack can begin, so don’t panic if you do happen click on the fake listing — just make sure you don’t enter your username and password. Exit the page and, for an added measure of security, reset your eBay password.

This is not the first time in recent months that hackers have gone after eBay users. In May, users were asked to change their passwords after a cyberattack stole employee login data. CBS reports that eBay states that no customer account information was stolen in the attack.

The Inquisitr previously reported about an eBay site outage in early September, one that was thought to be the work of hackers. eBay sellers around the globe experienced issues logging into their accounts, with some sellers finding that all of their listings had disappeared. Fortunately the problem was caused by site maintenance and sellers were all up and running several hours after the site outage started.

Have you encountered the latest eBay scam? Sound off in the comments if you clicked on a low-priced item that took your to a fake eBay log-in page.