PayPal vulnerability leaves users open to fraud

By Justin Mann on
PayPal users be cautioned, there is another security vulnerability that has been discovered with the PayPal system that goes a step beyond the “Your account is disabled” e-mails. This phishing technique actually uses a valid PayPal URL and even provides a valid security certificate, but uses an injection technique to override PayPal's page and redirect to a 3rd-party site. Due to the browser having valid URLs, many could easily be fooled into supplying the 3rd-party site with PayPal credentials, of course leaving them open to being ripped off. As the warning mentions, people using the Netcraft toolbar won't be affected as it automatically blocks the 3rd-party site (now that it has been discovered), but many others probably won't be so lucky

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.