Users alerted to fake PayPal site scam

by James Middleton

08 Jul 2003

US internet monitor Internet Storm Centre (ISC) has warned web users of a fake website capitalising on the PayPal e-wallet system.

The fake site uses a valid secure sockets layer (SSL) certificate to dupe visitors into believing they are accessing a bona fide secure site.

It then compounds the deception by using a CGI script to redirect the user to the actual PayPal login page.

The scam, which hopes to gain information that can be used for identity or credit card fraud, makes use of a well-known technique called URL masking, which places a username and password prefix in the address to fool the unwary.

HTTP URLs can include a user name and password for HTTP basic authentication, which are added to the URL in the following syntax: http://username:password@www.somewebsite.com/somepage.html

And if no authentication is required by the site, the user name and password are ignored.

The ISC said the URL of this fake site is https://ki54ft.worldispnetwork.com/i.CgI, and that in the spam email promoting it the URL appears as: https://www.paypal.com:ac=alksdjflakdjflkasdjruoiwehjrlkajdf@KI54fT.WoRlDiSpNeTwOrK.CoM/i.CgI?billing@yourdomain.com

Although the ISC receives almost daily reports of fake PayPal or eBay sites, it warned that, because this site appeared to be secure, it seemed more plausible and genuine.

"In most cases, these scam sites are easily spotted as they are not using SSL. Sometimes they attempt to hide this fact by increasing the browser window size to push the lower part of the browser window off the screen, so users will not see the open browser lock," said the ISC.

"However, this latest site uses a valid SSL certificate for the host site. Unless users inspect the certificate in more detail, they will not see the problem."

The fake URL is overly long to hide the actual host name, which comes after the '@' symbol. The misleading text before this is a username and password which will be ignored.

The ISC said that the web page uses a wild card certificate for 'worldispnetwork.com'.
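
The URL masking described above can be checked mechanically. The following Python sketch is an added example, not code from the ISC or from this article: it parses a link, reports the host that will actually be contacted, and flags a username that is shaped like a different domain. The function name, the finding labels and the www.example.com sample are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Loose "looks like a DNS name" test: dot-separated labels ending in an alphabetic TLD.
_HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def inspect_url(url):
    """Return the host a browser would contact and any userinfo-masking findings."""
    parts = urlsplit(url)
    host = parts.hostname or ""   # text after the last '@' in the authority, lowercased
    user = parts.username         # None when the authority has no 'user[:password]@' prefix
    findings = []
    if user is not None:
        findings.append("userinfo-present")
        # A username shaped like a domain that is not the real host is the
        # masking pattern the article describes.
        if _HOSTLIKE.match(user) and user.lower() != host:
            findings.append("username-looks-like-other-host")
    return {"host": host, "username": user, "findings": findings}


# URL quoted in the article (as it appeared in the spam email).
SPAM_URL = ("https://www.paypal.com:ac=alksdjflakdjflkasdjruoiwehjrlkajdf"
            "@KI54fT.WoRlDiSpNeTwOrK.CoM/i.CgI?billing@yourdomain.com")
# Syntax example from the article: userinfo present, but not host-shaped.
BASIC_AUTH_URL = "http://username:password@www.somewebsite.com/somepage.html"
# Constructed sample: an '@' in the query string only is not userinfo.
QUERY_AT_URL = "https://www.example.com/i.cgi?billing@yourdomain.com"

if __name__ == "__main__":
    for u in (SPAM_URL, BASIC_AUTH_URL, QUERY_AT_URL):
        r = inspect_url(u)
        print(r["host"], r["username"], r["findings"])
```

Because the certificate is valid for the real host, the padlock offers no warning here; comparing the parsed host against the brand named in the link text is what exposes the mismatch.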
