also @ TechSpot: Building a Thin Mini-ITX PC: Small and Silent Performance

PayPal fixes URL problem used for crime

By Derek Sooman

On June 20, 2006, 6:58 AM

PayPal claims to have now fixed a vulnerability on their site that could have allowed malicious attackers to steal credit card information from PayPal users. Obviously something that PayPal wanted to stamp out immediately, the flaw involved a cross-scripting attack and saw targeted users getting an e-mail, purporting to be from PayPal, which directed them to a special URL on the PayPal servers. Once they loaded that page, they were given a message that their account had been disabled, and directed to a non-PayPal server in South Korea, with a fake log-in page. This page then harvested private information from the user, such as credit card and Social Security numbers.

The company claims to have now fixed the problem on their servers, and had the Korean server shut down. What remains unknown is how many, if any, users were tricked by this.

"It's pretty awful, actually," said Gartner analyst Avivah Litan. "There's not much consumers can do except monitor their account and watch for visual cues, or download something like the eBay toolbar which warns you about [phishing] sites."
PayPal is warning its users only to enter personal information relating to PayPal services on URLs that begin with https://www.paypal.com/.

No tags on this story

5 comments

User Comments: 5

Got something to say? Post a comment
  1. June 20, 2006 7:53 AM
    DragonMaster said:
    Wasn't it a few days ago?
    Reply
  2. June 20, 2006 2:26 PM
    Phantasm66 said:
    [b]Originally posted by DragonMaster:[/b][quote]Wasn't it a few days ago? [/quote]AFAIK this was reported as a problem several days ago, but the fix made the news today.
    Reply
  3. June 20, 2006 4:16 PM
    DragonMaster said:
    The problem was reported days ago, and was fixed days ago also. It just appeared here a bit late.
    Reply
  4. June 20, 2006 4:27 PM
    canadian said:
    I wonder if the new google thing will attract so many spammers, and scammers.
    Reply
  5. June 20, 2006 5:30 PM
    DragonMaster said:
    All depends of the security of the system. Google didn't have much problems with this so we'll see! Better wait to see it getting more popular first.
    Reply

Recently commented stories

Post a new comment

Social Login & Guest Posting TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.
TechSpot on:

Most Popular

Trending Featured
More Trending Topics

Featured on PC Games

Downloads and Drivers

Downloads   Drivers  

WinMPG Video Convert 9.3.5

TurboFTP 6.30.940

Wise Youtube Downloader 1.23

System Cleaner 7.3.2.280

aTube Catcher 3.8.1390

More Downloads

Latest Discussion

Moar Free Dota2 6 replies on Gaming

Graphics Card Question 5 replies on Audio and Video

Unsure if my new graphics card will work with my PC 7 replies on Audio and Video

Which is the best smartphone to buy? 14 replies on Mobile Computing

Keep getting Windows not valid popup 25 replies on Windows OS

More Recent Discussion

Subscribe to TechSpot

Get free exclusive content, learn about new features and breaking tech news.