All the latest UK technology news, reviews and analysis

PayPal sinks CSS phishing scam

by Clement James

20 Jun 2006

Be the first to comment

  • Tweet this
PayPal has fixed a vulnerability which allowed cyber-criminals to use the company's official website as a platform to steal user information
PayPal security flaw could be exploited to steal credit card numbers and other personal information

PayPal has fixed a vulnerability which allowed cyber-criminals to use the company's official website as a platform to steal user information.

The cross-site scripting vulnerability on paypal.com came to light last week. Internet monitoring firm NetCraft noted that the security flaw could be exploited by fraudsters to steal credit card numbers and other personal information belonging to PayPal users.

NetCraft said that the scam tricks users into accessing a URL hosted on the genuine PayPal website. The scammers even supplied SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate.

However, the scammers managed to inject a message into the genuine PayPal site which reads: 'Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center.'

The victim is then taken to an external server, hosted in Korea, which presents a fake PayPal member log-in page.

Users are prompted to enter social security numbers, credit card details and even Pin codes for bank cards.

PayPal has now fixed the code on its site to address this flaw.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

A Microsoft logo

Microsoft posts critical Internet Explorer patch with February fixes

Related white papers

Related articles

Related jobs

Today's top stories

Cern Control Centre building

CERN powers up Large Hadron Collider in final search for Higgs Boson

hp-z1-workstation-pc

HP takes wraps off all in one Z1 workstation

Asus Transformer Prime vs Apple iPad 2

Apple iPad 2 vs Asus Transformer Prime head-to-head review

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

Khidr headshot

Intel will prove Steve Jobs wrong in the mobile market

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

Network Support Engineer Up To £40k

(Roc Search - Network Support Engineer, 2nd line, 3rd...

3rd Line Engineer / Infrastructure Engineer - VMware, Server,

3rd Line Engineer / Infrastructure Engineer - Berkshire...

SQL Server DBA - Database Administrator - MySQL Suffolk - £50k

MySQL SQL SERVER DBA / Database Administrator - Online...

PMO Analyst - Banking

PMO Analyst - Banking Client A financial organisation...

To send to more than one email address, simply separate each address with a comma.