Friday, June 16, 2006

Netcraft: PayPal Security Flaw Allows Identity Theft


[Image: Fraudsters manipulating content on genuine PayPal site. Image source: Netcraft]

Via Netcraft.

A security flaw in the PayPal web site is being actively exploited by fraudsters to steal credit card numbers and other personal information belonging to PayPal users. The issue was reported to Netcraft today via our anti-phishing toolbar.

The scam works quite convincingly, by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal; however, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique (XSS).

More here.

Update: Apparently this has been fixed.
