eBay working to fix software problem that opens system to phishing attacks

• eBay is fighting to repair a software glitch that opens the door to phishing attacks using one of its own legitimate URLs.
• The online auction giant is working on a fix for the problem, and it hopes to distribute that fix among its Web pages in the next several days, a company representative said on Friday.
• The problem, described by the company as a "software bug," could be exploited by criminals to create an actual eBay link that redirects customers to a malicious site, the representative said.
• Check here to see whether an e-mail that appears to be from your bank or an online merchant is actually an attempt to defraud you.
• eBay is one of the most popular targets of phishing schemes, which typically use e-mail messages that look like they come from a trusted service provider to dupe people into visiting a malicious Web site.
• The fraudulent site appears to be legitimate, but has been set up to steal the victim's personal information, such as a credit card number, which could then be used to commit identity fraud.
• The company, based in San Jose, Calif., has repeatedly warned its customers not to respond to such e-mails, and has even adopted a messaging system to eliminate the need for most e-mail correspondence with its registered members.
• This latest phishing issue for eBay differs in that it uses a legitimate URL to hook victims and send them to a malicious site.
• It is becoming significantly harder to discern phishing attempts from legitimate e-mail and Web pages, eBay spokesman Hani Durzy said in previous interviews with CNET News.com.
• "Because education only goes so far, we're also working on technology solutions that could help protect against these kind of attacks."