Watch out: eBay vulnerability leads to phishing log-in page

Thinking about picking up a used iPhone on eBay? Shop carefully, friends: it's apparently phishing season. The BBC is reporting some auction listings are redirecting to counterfeit eBay login pages -- fronts for phishing scams designed to steal customer usernames and credit card information. The good news is that eBay isn't technically hacked. The online marketplace allows sellers to use scripting to gussy up item listings. Cross-site scripting is generally not allowed, but these scammers are doing it anyway.

"Cross site scripting is not allowed on eBay and we have a range of security features designed to detect and then remove listings containing malicious code," eBay told Engadget. Even so, the BBC says it was able to identify 64 malicious listings from the last 15 days. All those auctions have been removed, of course, and eBay says it is actively seeking out and removing these kinds of listings. Still, better safe than sorry: if eBay asks you to log in at an unexpected time, double-check your address bar to make sure you haven't been mysteriously redirected.