By John McCarthy | Media editor

September 18, 2014 | 2 min read

Cyber crooks have been exploiting online marketplace eBay by redirecting users to external sites using fake item listings designed to steal usernames and passwords.

The external site used a technique called ‘phishing’ whereupon users are required to 'sign in’ to their account on a spoof eBay page providing crooks with access to people's eBay accounts.

According to a BBC report, the issue was first flagged up by ‘eBay PowerSeller’ Paul Kerr, an IT worker from Alloa, who informed the firm that a listing for an iPhone 5S was acting suspiciously after it took him to an unusual web address.

Kerr also uploaded video proof to YouTube (see video above) to inform users how to identify crooked sites. The IT professional told the BBC: “It's guaranteed - you can bet your bottom dollar that somebody's going to click on that and be redirected to a third-party site and they're going to enter their details and be compromised.

“You don't know how many of the hundreds of thousands of people who use eBay will have done that.”

eBay has removed the listings following the complaint, although it is unclear how many, if any, accounts were compromised by the scam. Notably, the attacks can be perpetrated against most online retailers, achieved by manipulating the site’s Javascript code, ultimately redirecting users away from the secure website.

A spokesman for eBay told the Drum: “The eBay corporate network has not been compromised. This appears to be a case of abuse by a user who placed malicious links within a few product listings on

“We take the safety of our marketplace very seriously and remove listings that are in violation of our policy on third-party links.”

Earlier this month, eBay saw its twelfth major service crash of the year, with users across the US, UK, India and Europe denied access for several hours, preventing users from the last-minute bidding for which the site is famous.

Ebay Retail News

Content created with:

More from Ebay

View all