PayPal security warning


PayPal security warning

Tash Shifrin

Fraudsters are exploiting a bug in the PayPal online payments website to steal users credit card and personal details, security experts have warned.

Internet services firm Netcraft warned that the phishing scam worked by luring users to a web page hosted on the official PayPal website. The URL uses encryption and presents a security certificate confirming that the site belongs to PayPal. But the page content has been modified by fraudsters, Netcraft said.

Victims read a message “injected” onto the PayPal site, saying, “Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center.”

The user is then redirected to a fake PayPal log-in page hosted on an external server, based in Korea.

Logging into the fake site transmits the victim’s PayPal username and password to the fraudsters. A further webpage then requests details including social security number, credit card number, expiration date, card verification number and cash card Pin.
PayPal has been repeatedly targeted by phishers trying to steal account holders’ log-in and financial details, and parent company eBay has made a series of requests to internet service providers to shut down servers hosting PayPal scams.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy