US internet monitor Internet Storm Centre (ISC) has warned web users of a fake website capitalising on the PayPal e-wallet system.

The fake site uses a valid secure sockets layer (SSL) certificate to dupe visitors into believing they are accessing a bona fide secure site.

It then compounds the deception by using a CGI script to redirect the user to the actual PayPal login page.

The scam, which hopes to gain information that can be used for identity or credit card fraud, makes use of a well-known technique called URL masking which uses a username and password prefix in the address to fool the unwary.

HTTP URLs can include user name and passwords for http basic authentication, which are added to the URL in the following syntax: http://username:password@www.somewebsite.com/somepage.html.

And if no authentication is required by the site, the user name and password are ignored.

The ISC said the particular URL of this fake site is https://ki54ft.worldispnetwork.com/i.CgI, and that in the spam email promoting it, the URl appears as: https://www.paypal.com:ac=alksdjflakdjflkasdjruoiwehjrlkajdf@KI54fT. WoRlDiSpNeTwOrK.CoM/i.CgI?billing@yourdomain.com

Although the ISC receives almost daily reports of fake PayPal or eBay sites it warned that, because this site appeared to be secure, it appeared more plausible and genuine.

"In most cases, these scam sites are easily spotted as they are not using SSL. Sometimes they attempt to hide this fact by increasing the browser window size to push the lower part of the browser window off the screen, so users will not see the open browser lock," said the ISC.

"However, this latest site uses a valid SSL certificate for the host site. Unless users inspect the certificate in more detail, they will not see the problem."

The fake URL is overly long to hide the actual host name, which comes after the '@' symbol. The misleading text before this is a username and password which will be ignored.

The ISC said that the web page uses a wild card certificate for 'worldispnetwork.com'.