Looks like that old eBay XSS Cross-Site Scripting Redirect snagged another victim. $8,500 is a lot of money to lose. Cover your butt and be sure a deal is for real! Don’t become another victim of Internet Phishing Fraud!
“From this eBay Motors Post: An eBay shooting star TRS power seller stupidtoy99 lost $8500 on an apparently bogus eBay Motors car listing.”
In Dec. I bought a car on eBay. Turns out it was a fake listing with fake payment info (I was on WWW.EBAY.COM) Apparently eBay & my computer were both hacked into. Proof of that is that I was able to list, sell, receive payments & use the feedback system the whole time I was working out the deal on the car. I lost $8500.00. One of the hackers is now in jail in Forsyth, GA… I wanted ebay to investigate,so faxed them 17 pages (numerous copies of the payment info and the listing) to the number they provided on 12/27/12. I waited two weeks, then called them to see what progress. I was told they had never received the faxed pages. I then resent them to another fax number (in Utah) that ebay provided. Called ebay again today-they claim they never received them. Now I got an address for ebay and will mail the whole batch out tomorrow. Cost $30 for all the faxes. Is this just incompetence,or is ebay just avoiding the issue that they may have an internal problem??
That had to hurt something fierce, $8500 is a lot of money to toss out the door. Just another reason to inspect both the vehicle and its supporting title and other documentation. Had this buyer done his homework first before sending payment, he would have discovered it was a scam.
As for eBay and XSS Redirects, it’s been happening for many many years. It was so bad at one time the US Government through their US Cert program issued a warning on 04/03/2006 to all eBay shoppers: Alert VU#808921. Also, note that the Google Safe Browsing report lists eBay as a factor involving malicious software that could lead to malicious attacks and infect other websites. Here is the link to Google’s safe browsing tool.
This alleged theft of $8500 makes me wonder if last year’s Norton Antivirus eBay virus alert was really a false alert? I bet Norton’s bot crawled an infected eBay listing page and did its job alerting those that purchased it. If you must use eBay.com and any of its other websites, be sure to have good antivirus software installed on your computer. And be especially aware of where your browser’s URL bar is pointing to. A quick XSS Redirect can sweep you off of eBay to a cleverly baited trap in a flash!
Updated 01/25/2012: I see this discussion on eBay Motors Forum is gaining some traction. My personal thoughts on this matter are. It’s the merchant’s responsibility to safeguard their shoppers. But it’s too easy for eBay to blame incidents like this on the shopper, then use alleged shills to belittle the victim and steer the conversation in eBay’s favor on and off of eBay.
This kind of behavior is illegal. It’s a no-no for any publicly-traded company to manipulate its securities through public opinion. The Security and Exchange Commission even has a whistleblower division where tipsters can get paid for reporting corporate illegal activity.
The bottom line here is. eBay has not fixed this Cross-Site Scripting XSS Redirect Vulnerability. As a result, eBay shoppers are losing money. eBay should be held responsible for their shopper’s losses due to fraud like this. But when you are so big and can influence government regulators, and manipulate search results of negative public relations, I doubt eBay will ever be held responsible for its actions.
eBayMotorsSucks.com was founded in 2004 as a method to make fraud education available to vehicle shoppers. I am simply a consumer advocate who can’t stand dirty dealing and internet fraud. As long as eBay continues to allow fraud to occur on their website, I am going to report it.