A new wave of phishing attacks, which initiated on February 10, target eBay members’ websites. The attack steal credentials from victims using a fake login. As of today, the fake eBay login forms can still be accessed on affected wildcard domains. The attack takes advantage of a cross-site scripting vulnerability on sites that use a version of iRedirector Subdomain Edition.