Netcraft warns of PayPal security flaw

By Matt Whipp

Posted on 16 Jun 2006 at 18:21

According to Net monitoring body Netcraft, a security flaw in the PayPal site is allowing phishers to exploit victims via a cross-site scripting attack.

The vulnerability allows the attackers to inject code into the PayPal website. The attackers send a phishing email campaign with a link to a genuine PayPal address that checks out for domain and SSL certificate.

Once the victim visits the PayPal location, the attack displays the follow message on the page: 'Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center.'

The victim is then redirected to the phishing site where they are asked to enter their PayPal credentials and remove any limits to funds being taken out on a fake PayPal log in page. If the victim follows the instructions they enter a range of information, including social security number, credit card number, expiration date, card verification number and ATM PIN - all of which is sent off to the fraudsters.

The server running the scam is located in Korea. There was no information on the PayPal site at the time of writing regarding the scam.

Netcraft said it became aware of the phishing attack through a report via its toolbar. It says that those using the toolbar are now protected as it blocks access to the URL in question.

The Netcraft toolbar is free and available from the company website.