http://news.com.com/Phishers+set+hidden+traps+on+eBay/2100-7349_3-6056687.html?tag=cd.top

Click on an eBay auction listing, and you could get an unwanted result: a fake eBay login page, created by scammers looking to pilfer your username and password. ...

Excerpt...
CNET News.com reader Neal Cahill of Kansas City, Mo., said he had come across the scam. "When you click on the listing, it runs a script or small program that automatically takes you to a new page that requests login info," he wrote in an e-mail interview.

The page users are redirected to what appears to be an eBay login page, but is in fact a copy stored elsewhere--a classic phishing scam. "This page looks just like the eBay login page, only the Web address is different," Cahill wrote. The bad listings are usually for really appealing items or related to adult entertainment, he wrote.

I'm confused. Are they saying that you do a search and get a list
of items and you click on an item in that list or are they referring
to clicking on a link within the Auction listing itself?

I know I typically click on "Watch This Item" within the Auction listing
and that will take me to the login page if I'm not already logged
in. Hmmmmmm, so maybe the safest thing to do is to always login
to your account FIRST and NEVER RE-LOGON if prompted to do so.
Does that sound right?

---pete---

Well almost Pete, but logged in or not, when you go to bid you have to login again.
I have noticed a new one. I got an email last week suggesting I had contacted a seller and tried to get a direct sale of a listed item, suggesting I need to be more careful. Anything in it I clicked on asked for a login, including www.ebay.com, which would never require a login at the site.
If you look at address it is always "aw-eBay.com"
I doubbt what they are talking about is on the eBay site though Pete.

Well almost Pete, but logged in or not, when you go to bid you have to login again.

Ok, for bidding we login again. No problem.


I have noticed a new one. I got an email last week suggesting I had contacted a seller and tried to get a direct sale of a listed item, suggesting I need to be more careful. Anything in it I clicked on asked for a login, including www.ebay.com, which would never require a login at the site.
If you look at address it is always "aw-eBay.com"
I doubbt what they are talking about is on the eBay site though Pete.
Yeah, Ebay Emails I always ignore unless it's one about an
Auction I'm involved with. That's a completely different issue
from what this article is all about. The way I read this article
it's saying the trap is on the Ebay site, not in Email.

---pete---

You can always use the SITE ADVISOR plugin for FF I posted.
Cool little tool, look at the specifics about the page you are viewing.

You can always use the SITE ADVISOR plugin for FF I posted.
Cool little tool, look at the specifics about the page you are viewing.

Folks at the Ebay message boards suggesting using RoboForm or
the Browser's password storage feature because those 2 methods
would only work with the origial login URL .

I'm reluctant to store all my passwords within the browser for other
reasons of security, but perhaps a 3rd party app like RoboForm which
has been around for a while would be more secure.

Any comments?

---pete---

***CLOSED***

The topic in this thread has reached an end of discussion point where no relevant new discussion is being added.

Please refrain from any additional posting on this topic unless there is an UPDATE or new information relevant to the original topic.

This thread has been condensed for ARCHIVING and REFERENCE purposes.

Additional postings may be removed without notice.

Thank you!
KH Mod Squad