eBay Phishing scams, eh?
This is a clever one.
The eBay site is redirecting requests to external domains. An attacker can build a query string that will cause a valid ebay.com domain to redirect to an attacker's page:
All they need to do is obfuscate the URL to hide what is really happening, like so:
That’ll point to http://home.durdle.com. Looks more like an eBay page though, right?
Of course, people need to be vigilant about what emails are asking them to do; the one that prompted me to investigate this was asking me to “confirm my account details”, so it was obviously fake. Well, obvious to me: I know a good number of people who would have seen a valid eBay URL and diligently followed the instructions.
Perhaps eBay needs some validation on their RedirectToDomain command, or at the very least they could check the HTTP Referer header, so that it would only work if you were following a link from within an eBay page.
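To make the fix concrete, here is an added example of the two checks suggested above (a target-host allow list plus a Referer check), written for this post and not taken from eBay's code; the `example.com` host names, the `RedirectToDomain`-style parameter name and the `resolve_redirect` function are placeholders I have assumed for illustration. The validation deliberately handles the usual ways a redirect target can be dressed up to look first-party: a `user@host` prefix, a scheme-relative `//host` path, a look-alike subdomain, and non-HTTP schemes.

```python
from typing import Iterable, Optional
from urllib.parse import urlparse

# Constructed placeholder hosts standing in for the site's own domains.
ALLOWED_HOSTS = {"www.example.com", "signin.example.com"}


def is_safe_redirect(target: str, allowed_hosts: Iterable[str] = ALLOWED_HOSTS) -> bool:
    """Return True only if `target` is a same-site path or an http(s) URL
    whose host is on the allow list. Everything else is refused."""
    if not target:
        return False
    # Browsers treat backslashes in the authority like forward slashes,
    # so normalise them before parsing rather than after.
    candidate = target.replace("\\", "/")
    try:
        parsed = urlparse(candidate)
        host = parsed.hostname  # lower-cased; userinfo and port stripped
    except ValueError:
        return False  # malformed authority (e.g. bad IPv6 literal)

    if not parsed.scheme and not parsed.netloc:
        # A plain relative path is fine, but "//host/..." is a full URL
        # with an implied scheme and must not pass as "relative".
        return candidate.startswith("/") and not candidate.startswith("//")

    if parsed.scheme not in ("http", "https"):
        return False  # javascript:, data:, ftp: etc.

    # Exact host match: "www.example.com@evil.example" yields host
    # "evil.example", and "www.example.com.evil.example" is not in the set.
    return host is not None and host in set(allowed_hosts)


def referer_is_first_party(referer: Optional[str],
                           allowed_hosts: Iterable[str] = ALLOWED_HOSTS) -> bool:
    """Secondary check: was the request made from one of our own pages?
    Referer is often stripped by browsers and privacy tools, so treat a
    failure here as 'unknown', not as proof of abuse."""
    if not referer:
        return False
    try:
        host = urlparse(referer).hostname
    except ValueError:
        return False
    return host is not None and host in set(allowed_hosts)


def resolve_redirect(target: str, referer: Optional[str],
                     fallback: str = "/") -> str:
    """Decide where a redirect endpoint should actually send the user.
    Off-site or unparseable targets, and requests that did not come from
    a first-party page, are sent to a safe fallback instead."""
    if is_safe_redirect(target) and referer_is_first_party(referer):
        return target
    return fallback


if __name__ == "__main__":
    # Constructed sample requests a redirect endpoint might receive.
    samples = [
        ("https://signin.example.com/login", "https://www.example.com/item/123"),
        ("http://www.example.com@evil.example/", "https://www.example.com/"),
        ("//evil.example/", "https://www.example.com/"),
        ("https://www.example.com.evil.example/", "https://www.example.com/"),
        ("javascript:alert(1)", "https://www.example.com/"),
        ("/myaccount", None),
    ]
    for target, referer in samples:
        print(f"{target!r:50} -> {resolve_redirect(target, referer)}")
```

The allow-list comparison is an exact host match rather than a substring or "ends with" test; that is what defeats the look-alike and `user@host` forms. The Referer check is kept separate and weaker: it adds friction for links pasted into email, but because many clients omit the header it should only ever gate a redirect, never be the sole evidence that a request is legitimate.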