Hasta La Gadget!

This article was written on June 18, 2006 by CyberNet.

PayPal scams are always flooding our emails and such, but it is being taken to a whole new level now. When users visit this site it has a genuine PayPal address (as pictured above) and the message says “Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center.” This message, however, is not actually inserted by PayPal instead it is inserted by the scammers using a cross-site scripting technique (XSS).

You are then forwarded from this page to the fake site that the scammer has setup. At this site you are asked for your username and password which then takes you to a site requesting your social security number, credit card number, expiration date, card verification number and ATM PIN. The external site is not able to disguise itself as PayPal.com but the scammer hopes that you will trust this site since you were just forwarded from a “genuine” PayPal page.

PayPal has already fixed the vulnerability and they are now trying to get the site shutdown which is located in Korea. PayPal says that they currently don’t know how many people have been a victim to this scam but thank goodness it is fixed!

News Source: Netcraft

Copyright © 2010 CyberNet | CyberNet Forum | Learn Firefox

Related Posts:

Gmail Prevents eBay and PayPal Phishing AttemptsYahoo and eBay Team Up to Stop Phishing ScamsHelpful Tip: How to Report a Phishing EmailMobileMe Users Are Going PhishingPayPal Beefing Up Security with Password Key Fobs