Watch as this scam listing and 2 others use an uncorrected XSS (Cross-Site Scripting) vulnerability to whisk me off to a hacked website. Phishing fraud and identity theft can then occur!

eBay Motors UK XSS Redirect Scam 01/20/2014

Fraudsters hack a website and create a directory just above its public root. They then upload their scripts, images, etc., plant their sucker bait, and wait for a victim to swallow the hook.

I know we have been reporting this kind of phishing fraud for more years than I can count.

In our archives, there are several other cross-site scripting redirects. Here is one that even authenticated your credentials, and there are the horny-housewife redirects. There are many more where those came from. This XSS (Cross-Site Scripting) redirect scam is really, really old.

eBay claimed they fixed this cross-site scripting vulnerability. They fed Ina Steiner of then this canned response but apparently, the vulnerability was never fixed.

eBay Motors is constantly and proactively monitoring the site to prevent and address possible fraudulent behavior. As part of this monitoring, eBay Motors has identified recent redirect issues and has implemented specific safety measures, including updating our detection systems with a filter to identify this particular behavior. These additional protections should supplement smart shopping habits, including reviewing seller ratings, communicating with sellers and confirming transaction details through My eBay before making a purchase, and never paying for a vehicle via instant cash-transfer methods. eBay Motors also offers free vehicle history reports and a Vehicle Purchase Protection program for transactions that occur on the site, to help ensure the 10 million visitors coming to the site each month interact in a safe, trusted marketplace.

I feel that a company should be responsible for the safety of its shoppers. It doesn’t matter whether you are shopping online or in a brick-and-mortar store. Apparently, eBay does not see it that way. Maybe some form of government regulation might help.

In my opinion, eBay has no motivation to keep its shoppers safe. eBay is NOT Legally Responsible if you wind up getting redirected off their website and get phished! WATCH your Web Browser’s URL Window to see what website you are on!