Computer Crime Research Center


PayPal phishing website

Date: January 14, 2006

In our computerized society, everyday there are threats lurking, hidden, just waiting to catch innocent surfers,in a trap that will cost them dearly, talk here of course about scamming. In recent events a PayPal phishing site has been discovered, which hides its true address from the user. “Two XSS vulnerabilities were identified in the website, which allow an attacker to impersonate legitimate members of Google's services or to mount a phishing attack. Although Google uses common XSS countermeasures, a successful attack is possible, when using UTF-7 encoded payloads."

Even though Google has been notified via email, there has not yet been any official word on a solution to this problem. Although the Google XSS exploit add fuel to the fire, this is still a very dangerous phishing scam. The link below shows a 1024x768 flash film that shows the whole email delivery, thru the Google exploit, and then the execution of the scam.

The video is about 18 megabytes, so depending on the internet connection; it may take up to a few minutes. Digital Lifestyle Magazine asks any reader to proceed with caution, and notify other members of our technological community of this threat.
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo