eBay is fighting to repair a software glitch that opens the door to phishing attacks using one of its own legitimate URLs.
The online auction giant is working on a fix for the problem, and it hopes to distribute that fix among its Web pages in the next several days, a company representative said on Friday.
The problem, described by the company as a "software bug," could be exploited by criminals to create an actual eBay link that redirects customers to a malicious site, the representative said.
Check here to see whether an e-mail that appears to be from your bank or an online merchant is actually an attempt to defraud you.
eBay is one of the most popular targets of phishing schemes, which typically use e-mail messages that look like they come from a trusted service provider to dupe people into visiting a malicious Web site.
The fraudulent site appears to be legitimate, but has been set up to steal the victim's personal information, such as a credit card number, which could then be used to commit identity fraud.
The company, based in San Jose, Calif., has repeatedly warned its customers not to respond to such e-mails, and has even adopted a messaging system to eliminate the need for most e-mail correspondence with its registered members.
This latest phishing issue for eBay differs in that it uses a legitimate URL to hook victims and send them to a malicious site.
It is becoming significantly harder to discern phishing attempts from legitimate e-mail and Web pages, eBay spokesman Hani Durzy said in previous interviews with CNET News.com.
"Because education only goes so far, we're also working on technology solutions that could help protect against these kind of attacks."