PayPal users be cautioned, there is another security vulnerability that has been discovered with the PayPal system that goes a step beyond the “Your account is disabled” e-mails. This phishing technique actually uses a valid PayPal URL and even provides a valid security certificate, but uses an injection technique to override PayPal's page and redirect to a 3rd-party site. Due to the browser having valid URLs, many could easily be fooled into supplying the 3rd-party site with PayPal credentials, of course leaving them open to being ripped off. As the warning mentions, people using the Netcraft toolbar won't be affected as it automatically blocks the 3rd-party site (now that it has been discovered), but many others probably won't be so lucky