The Net monitoring body Netcraft discovered a security flaw in the PayPal site which is allowing phishers to exploit victims.
If you visit the PayPal site you may get the message : 'Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center.' This is followed by a redirect to a fake PayPal log in page which is in fact a phishing site located in Korea and you are asked to enter your PayPal credentials and remove any limits to funds being taken out. It goes without saying really but DO NOT COMPLETE ANY INFORMATION and leave the site.
I couldn't find information regarding the scam on the PayPal site at the time of writing so I'm not quite sure how you can make your intended payment beyond contacting PayPal direct which is of bu**er all point if your making a last minute bid on ebay!!!
__________________
YOUTH are the future
****
"The worst thing you can do is make a committment and not meet it and I understand that." Barrie Hobbins 14 August 2010
Not having used Paypal for a few months I bought something a couple of weeks ago and got an e mail asking me to confirm a payment to Altavista internet. I forwarded this to paypal who confirmed it was a fake. I did post a warning on connie south board at the time maybe should have posted here as well. My advice would be if you get ANY e mails from paypal do not click on the links but log in your usual way. Best to be safe than broke!!
these have been around for years and courtesy of some html, provide a link to a fake log in screen that emails your passwords to the criminals who own the site.
Paypal is safe, just do not click links in any emails claiming to be from paypal, ebay, netteller or any banks etc.
-- Edited by JgFc at 18:09, 2006-06-17
__________________
Alexander O'Neal 1987 "I'm fed up cos all you wanna do is criticize "
I agree 100% with what you have said JgFc but the new twist is that the users actually get this message when they visit the PayPal site. As I have said in the past I don't have a detailed knowledge of the technical side of the internet though I have sufficient to understand what is going on in most cases. The actual wording from yesterdays PC Pro item which may well mean more to you than me was as follows
"... a security flaw in the PayPal site is allowing phishers to exploit victims via a cross-site scripting attack.
The vulnerability allows the attackers to inject code into the PayPal website. The attackers send a phishing email campaign with a link to a genuine PayPal address that checks out for domain and SSL certificate.
Once the victim visits the PayPal location, the attack displays the follow (sic) message on the page: 'Your account is currently disabled because ...”
I would hope that all posting on here are aware enough not to respond to emails purporting to be from Banks, PayPal etc. but actually logging onto a site and being phished is a new one on me.
__________________
YOUTH are the future
****
"The worst thing you can do is make a committment and not meet it and I understand that." Barrie Hobbins 14 August 2010
PayPal went into action as soon as the flaw was discovered and all is now OK.
Amanda Pires, a PayPal spokeswoman, said in an interview yesterday "As soon as we became aware of this scheme, we changed some of the code on the PayPal Web site. So this scheme, or any scheme like it, can no longer be effective".
She also reported that PayPal is working with the Internet service provider that hosts the malicious site to get it shut down.
__________________
YOUTH are the future
****
"The worst thing you can do is make a committment and not meet it and I understand that." Barrie Hobbins 14 August 2010
