
Phishing Fraud on eBay with an NSX - Be careful!

Guys and gals, watch out for eBay item #4650516675, which is described on ebaymotors as 1997 Acura NSX-T TURBO - 650 HP Street Car!

I went to the page for this item and was redirected to what appears to be the eBay login page (see first screenshot below). I knew this was a bit odd, but started to enter my login information when I noticed the URL (see second screenshot below) - classic phishing technique (described here).

No doubt, some crook posted this 1997 NSX for the sole purpose of redirecting unsuspecting eBay members to a spoof/fake eBay login page. The jackass captures usernames and passwords, then hijacks these accounts (at least the ones with good feedback ratings) and uses them to scam other folks out of money.

So, don't even click this item. If you have, and logged in through the fake page, I strongly suggest you log into eBay from their home page (http://www.ebay.com/) and change your password immediately. Otherwise, the crook will have everything he needs to hijack your account.

I've reported it to eBay, but it might be a while before they respond. Also, it's unlikely that eBay would even know for sure which accounts have been compromised, so it's best to avoid this listing and, at least, recognize the fake login page should you run across it.
 

Attachments

  • scam.PNG
  • scam url.PNG
I was selling a motorcycle on E-bay last week and fell prey to this trick. In an hour they hijacked my listing and were redirecting people to buy it outside of E-Bay. Damn scammers :mad:
 
Zennsx, that's too bad. Was eBay able to restore your account?

BTW 1: I should have added: It's not clear whether the guy who listed the item is the scammer or if this was a listing for a real item that was hacked using a compromised account. I would not be surprised if it's the latter.

BTW 2: Having some background in web programming, I was checking out exactly what the scammer did to the listing that caused it to redirect to the fake page, and when I found the source, I was amazed a company like eBay does not think to scan for this: It's a common type of vulnerability known as cross-site scripting or XSS. Unlike other scams on eBay that are more outside of their control, this one only exists because eBay's listing editor has a defect that allows it. Anyone with basic HTML skills could easily exploit this security hole!

I don't get why eBay does not scan for this. It would not even require a single person to monitor anything (unlike other types of fraud) - just a few lines of code on their end could prevent things like this from happening. Surely they know about this vulnerability, but I have documented and sent it to eBay anyway.
 
Ojas said:
Guys and gals, watch out for eBay item #4650516675, which is described on ebaymotors as 1997 Acura NSX-T TURBO - 650 HP Street Car!

I went to the page for this item and was redirected to what appears to be the eBay login page (see first screenshot below).

You actually went to the listing page from within eBay and were re-directed? I can't see how that is possible unless eBay itself was hacked and someone added a Meta re-direct tag. Either that or I'm falling behind on my HTML skills, which is entirely possible. :)

In any case, the listing seems to have been removed.
 
Hugh, yep: that's exactly what happened. In fact, before the listing completely loaded, the fake login page appeared. Perhaps an average user might notice a "flicker" if they pay attention, but I didn't even notice the first time.

I suppose eBay is generous in the amount of HTML it allows users to post in listings - a bit too generous in this case. I'm not sure if they filter meta refresh tags, but apparently they do allow at least a bit of JavaScript to slip through. Your HTML skills are probably good* as it was not pure HTML, but a simple JavaScript command in the HTML.

* good = good enough for tweaking a tizzy tight page on myspace :)
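The two posts above describe the defect from both sides: eBay lets sellers paste rich HTML into a listing, and the filter on that HTML let a short piece of JavaScript (and possibly a meta refresh) through, so the listing page itself bounced visitors to a fake login. The defensive fix Ojas alludes to ("a few lines of code on their end") is an allowlist sanitizer run on the listing body at submit time: keep a known set of formatting tags and attributes, drop everything else, and refuse `javascript:` URLs and `on*` event handlers instead of hunting for `<script>` strings. The following is an added example written for this thread, not code from the posts or from eBay; the tag/attribute allowlist, the `phish.example` hostnames and the sample hijacked listing are all constructed for illustration.

```python
"""Allowlist-based sanitizer for seller-supplied listing HTML (constructed example).

The point of an allowlist is that the defender never has to enumerate every
way script can be smuggled in: <script>, <meta http-equiv="refresh">, <iframe>,
onerror="...", href="javascript:..." all fall out because they are simply not
on the list of things that are permitted.
"""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Formatting a listing legitimately needs (assumed set; tune per site).
ALLOWED_TAGS = {"p", "br", "b", "i", "u", "strong", "em", "ul", "ol", "li",
                "a", "img", "font", "table", "tr", "td"}
ALLOWED_ATTRS = {"a": {"href"}, "img": {"src", "alt", "width", "height"},
                 "font": {"color", "size"}, "td": {"colspan"}}
VOID_TAGS = {"br", "img"}           # never get a closing tag
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto"}
SKIP_CONTENT = {"script", "style"}  # drop the tag AND everything inside it


def safe_url(value):
    """Accept relative URLs and http/https/mailto; reject javascript:, data:, vbscript:, ...

    Browsers ignore tabs and newlines inside a scheme ("java\\tscript:"), so
    they are removed before parsing, otherwise urlparse would see no scheme
    at all and the value would pass as a relative URL.
    """
    cleaned = "".join(ch for ch in value if ch not in "\t\r\n").strip()
    scheme = urlparse(cleaned).scheme.lower()
    return scheme == "" or scheme in SAFE_SCHEMES


class ListingSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []          # sanitized fragments
        self.open_tags = []    # allowed tags still waiting for their close
        self.skip_depth = 0    # >0 while inside <script>/<style>
        self.dropped = []      # audit trail: what was removed and why

    def handle_starttag(self, tag, attrs):
        if tag in SKIP_CONTENT:
            self.skip_depth += 1
            self.dropped.append(tag)
            return
        if self.skip_depth:
            return
        if tag not in ALLOWED_TAGS:        # meta, iframe, object, form, ...
            self.dropped.append(tag)
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):      # event handler = script in disguise
                self.dropped.append(f"{tag}@{name}")
                continue
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue                   # unknown attribute: drop quietly
            if name in URL_ATTRS and not safe_url(value):
                self.dropped.append(f"{tag}@{name}")
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in SKIP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        if tag in self.open_tags:          # close anything left open inside it
            while True:
                open_tag = self.open_tags.pop()
                self.out.append(f"</{open_tag}>")
                if open_tag == tag:
                    break

    def handle_data(self, data):
        if not self.skip_depth:            # text is re-escaped, so "<" in text stays text
            self.out.append(escape(data, quote=False))

    def close(self):
        super().close()
        while self.open_tags:              # balance whatever the seller left open
            self.out.append(f"</{self.open_tags.pop()}>")


def sanitize_listing(html_text):
    """Return (clean_html, dropped_items) for a listing body."""
    parser = ListingSanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out), parser.dropped


# Constructed sample: a normal listing with the kind of redirect payloads
# described in this thread appended by whoever had the seller's password.
HIJACKED_LISTING = (
    '<p><b>1997 Acura NSX-T</b> - clean title, '
    '<a href="http://example.com/photos">photos</a></p>'
    '<img src="http://example.com/nsx.jpg" width="400" '
    'onerror="window.location=\'http://phish.example/login\'">'
    '<script>window.location="http://phish.example/ebay-login";</script>'
    '<meta http-equiv="refresh" content="0;url=http://phish.example/ebay-login">'
    '<a href="javascript:window.location=\'http://phish.example\'">Click here</a>'
)

if __name__ == "__main__":
    clean, dropped = sanitize_listing(HIJACKED_LISTING)
    print(clean)
    print("dropped:", dropped)
```

The `dropped` list is what makes this useful operationally rather than just defensively: a listing whose sanitizer output removed a `script` tag or an `@href` can be flagged for the account-compromise review Ojas says eBay would otherwise have no way to do, since the redirect was planted through the seller's own (hijacked) session.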
 
Didn't know that a JavaScript command in what I thought would be a frame could reload the browser with an entirely new page. Big security hole on eBay's part!
 
I remember running across this listing yesterday. I did not recall anything out of the ordinary, so I just went back to take a peek, and the item is relisted as item # 4651503825. I suspect it is a legitimate sale, and the owner's account was hijacked.
 
Ojas -

This was my listing and account that was hijacked.

The listing was made by me on Monday 6/12. I was informed by ebay yesterday that a third party accessed my account and the rest is history. It took me until 2 AM this morning to sort everything out.

I relisted this morning with a new listing id #. All my passwords have been changed and I'm crossing my fingers that something like this can't happen again. What a disaster.

If anyone sees something odd going on with the new listing (id #4651503825), please let me know ASAP.
 
In my case I received an E-mail stating "question from e-bay member regarding a motorcycle for sale". When I tried to respond, a phoney E-Bay login appeared and I submitted my password and user ID. An hour or so later I thought it was a little fishy, so I checked my listing and someone had edited my item in the description box (paragraphs of computer code). I had to change my password and get rid of the code in the item description. These scammers are very resourceful...
 
Very dirty. You guys are fortunate to have noticed; the number of phishing instances seems to be increasing significantly this year (IMHO) despite anti-phishing in Firefox and an overall increase in awareness.
 
A wrinkle on this scam.
I received a "service@paypal" e-mail (very authentic looking PayPal page) saying my payment of $350 to a bogus PayPal account was being made for the purchase of an iPod. Of course the next link is a login page, but I found it suspicious when the e-mail address at the top of the browser was not a PayPal address.
I logged onto my PayPal account in another separate window and no such transaction had taken or was taking place. Just a scam to try and get the password and login. Nice try but no cigar from me. :tongue: Look out folks. These phishing guys are assholes...
 
thanks for taking the time to do this, ojas - very helpful and informative, even for those of us who think we're on top of these kinds of things.

hal
 