Are you a regular online shopper? Do you prefer shopping online to visiting a shop in person? If you are fond of shopping online, then beware: online scams are hovering over all sites. The latest victim of online scams is eBay, one of the largest e-commerce companies.

eBay has recently been hit by a scam in which people clicking on some of its links were automatically taken to a site designed specifically to steal their credentials. The fake site, built to steal personal information, looks much like the online marketplace's welcome page.

Dr. Steven Murdoch, a security expert from University College London's Information Security Research Group, was able to diagnose and remove the listing of items that were hacked even before eBay removed it. Murdoch also said the technique used by the hackers is known as a cross-site scripting (XSS) attack.

According to the security expert, the hijackers placed malicious JavaScript code within the product listing pages, which then redirected affected users to false sites. The moment a user clicks on one of the listings, his or her webpage gets hacked. The listing pages also contained code that had the potential to carry out many other malicious actions.
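To make the mechanism concrete, here is an added example (not eBay's code, and not from the researcher) showing why seller-supplied listing text must be escaped before it is placed in a page, along with a simple review check for active content. The field name `description`, the function names and the sample listing are all constructed for illustration.

```javascript
// Added illustration: the names and the sample listing below are constructed.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Turn markup characters into entities so the browser shows them as text.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the seller's text is inserted into the page as markup,
// so any <script> it contains runs in every visitor's browser.
function renderListingUnsafe(listing) {
  return `<div class="desc">${listing.description}</div>`;
}

// Hardened pattern: the same text is escaped and rendered as inert characters.
function renderListingSafe(listing) {
  return `<div class="desc">${escapeHtml(listing.description)}</div>`;
}

// Review check: constructs that let HTML execute script. A pattern list like
// this supports moderation and alerting; it does not replace escaping.
const ACTIVE_CONTENT = [
  { name: 'script-tag', re: /<\s*script\b/i },
  { name: 'event-handler', re: /<[^>]*\son[a-z]+\s*=/i },
  { name: 'javascript-url', re: /(?:href|src)\s*=\s*["']?\s*javascript:/i },
];

function findActiveContent(html) {
  return ACTIVE_CONTENT.filter((p) => p.re.test(html)).map((p) => p.name);
}

// Constructed sample listing with an embedded script element.
const sampleListing = {
  title: 'Phone, boxed',
  description: 'Brand new phone <script>/* redirect code */</script>',
};

console.log('unsafe:', findActiveContent(renderListingUnsafe(sampleListing)));
console.log('safe:  ', findActiveContent(renderListingSafe(sampleListing)));
```

Escaping on output is the control that neutralises the injected script; the pattern check is only useful for flagging listings for review.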

An IT worker from Alloa in Clackmannanshire named Paul Kerr was the first to identify the issue. The moment he noticed the redirection for an iPhone, he immediately informed the site about it.

Kerr was able to identify the problem because the web address of the page to which he was redirected was a bit unusual. Kerr had some knowledge of such threats, so he detected the change on the site, but what about less tech-aware users? They might not have realized the danger they were inviting: they may have entered their credentials on the third-party site without realizing that they had compromised them.

Notably, this is not the first time eBay has suffered such a technical setback. The site has experienced similar issues several times, even when users were unable to sign in to their accounts and received incorrect passwords.