PayPal Security Flaw Leads to Identity Theft: Netcraft
Using a cross-site scripting attack, phishers are able to take advantage of victims thanks to a security flaw in the PayPal website, claims Internet monitoring organization Netcraft.
The following message is displayed on the page once the victim accesses the PayPal website: “Your account is currently disabled because we believe it has been accessed by a third party. You’ll be taken to Resolution Center right away.”
The victim is then taken to a phishing website where they are prompted to enter their PayPal login information and remove any restrictions on withdrawing money. Following the instructions requires the victim to enter a variety of data, including their social security number, credit card number, expiration date, card verification number, and ATM PIN. All of this data is sent to the fraudsters.
The server running the scam is located in Korea. At the time this article was written, there was no information about the scam on the PayPal website. According to Netcraft, it learned about the phishing attack from a report submitted through its toolbar. It says that toolbar users are now protected because the toolbar blocks access to the URL in question.
The Netcraft toolbar can be downloaded for free from the company's website.