igotthisguitar

Joined: 08 Apr 2003 Location: South Korea (Permanent Vacation)
Posted: Tue Jun 20, 2006 2:50 am Post subject: PayPal Fixes URL Used for Fraud
PayPal Fixes URL Used for Fraud
Barry Levine, newsfactor.com
Mon Jun 19, 2:55 PM ET
According to Internet-monitoring company Netcraft, a security flaw on PayPal's site allowed hackers to steal credit card information from PayPal users.
The vulnerability, first publicly announced on Friday, involved what is known as a cross-scripting attack. Those targeted by the attack received an e-mail, purporting to be from PayPal, that directed them to a special URL on the PayPal servers.
At that page, they encountered an official-sounding notice. "Your account is currently disabled," it reportedly read, "because we think it has been accessed by a third party. You will now be redirected to the Resolution Center."
Users were then taken to a non-PayPal server in South Korea, with a fake log-in page designed to capture private information -- including credit card and Social Security numbers. Users were requested at that site to remove any limits on funds being removed from their accounts.
PayPal said that it has fixed the flaw and has gotten the Korean server shut down. PayPal also said that it was not clear how many people -- if any at all -- had been duped.
"It's pretty awful, actually," said Gartner analyst Avivah Litan. "There's not much consumers can do except monitor their account and watch for visual cues, or download something like the eBay toolbar which warns you about [phishing] sites."