Computer Crime Research Center


PayPal security flaw

Date: June 18, 2006
Source: PC Pro
By: Matt Whipp

According to Net monitoring body Netcraft, a security flaw in the PayPal site is allowing phishers to exploit victims via a cross-site scripting attack.

The vulnerability allows the attackers to inject code into the PayPal website. The attackers send a phishing email campaign with a link to a genuine PayPal address that checks out for domain and SSL certificate.

Once the victim visits the PayPal location, the attack displays the follow message on the page: 'Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center.'

The victim is then redirected to the phishing site where they are asked to enter their PayPal credentials and remove any limits to funds being taken out on a fake PayPal log in page. If the victim follows the instructions they enter a range of information, including social security number, credit card number, expiration date, card verification number and ATM PIN - all of which is sent off to the fraudsters.
Original article

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2007-01-28 04:39:46 - how can block the ip address !! lora
2006-07-18 14:24:14 - Hi, I own a server along with a block... psydoc
Total 2 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo