PayPal security warning

News

PayPal security warning

Tash Shifrin

Fraudsters are exploiting a bug in the PayPal online payments website to steal users credit card and personal details, security experts have warned.

Internet services firm Netcraft warned that the phishing scam worked by luring users to a web page hosted on the official PayPal website. The URL uses encryption and presents a security certificate confirming that the site belongs to PayPal. But the page content has been modified by fraudsters, Netcraft said.

Victims read a message “injected” onto the PayPal site, saying, “Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center.”

The user is then redirected to a fake PayPal log-in page hosted on an external server, based in Korea.

Logging into the fake site transmits the victim’s PayPal username and password to the fraudsters. A further webpage then requests details including social security number, credit card number, expiration date, card verification number and cash card Pin.
 
PayPal has been repeatedly targeted by phishers trying to steal account holders’ log-in and financial details, and parent company eBay has made a series of requests to internet service providers to shut down servers hosting PayPal scams.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy