|
|
|
The genuine PayPal SSL certificate is used by the scam
A security flaw in the PayPal web site is being actively exploited by fraudsters to steal customers' credit card numbers and other personal information.
The issue was reported to security company Netcraft today via its anti-phishing toolbar. What is particularly dangerous and convincing about this scam is that it starts at a page hosted on the PayPal website and is using a valid security certificate.
Netcraft said users are initially tricked into accessing a URL hosted on the genuine PayPal web site.
The web address (URL) uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal.
However, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique (XSS).
When the victim visits the page, they are presented with a message that has been 'injected' onto the genuine PayPal site that says: "Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center."
After a short pause, the victim is then redirected to an external server, which presents a fake PayPal Member log-in page.
At this crucial point, victims may be off guard, as the paypal.com domain name and SSL certificate previously seen are intended to suggest they have visited the genuine PayPal web site.
Victims therefore don't expect PayPal to redirect them to a fraudulent web site. If a victim logs in via the fake login page, their PayPal username and password is transmitted to the fraudsters.
Users are subsequently presented with another page which asks them to enter further details to remove limits on the access of their account.
Information requested includes social security number, credit card number, expiration date, card verification number and ATM PIN.
The server currently running the scam is hosted in Korea and is accessed via a hex-encoded IP address. The Netcraft Toolbar already protects PayPal users by blocking access to this site.
We have contacted PayPal for comment but have had no reply as yet.
Related articles
Email providers including Google, Microsoft and Yahoo form an alliance with the aim of developing a common authentication standard to help identify phishing emails
If you click on the link in a phishing email, you could unwittingly find yourself part of a botnet. We explain what the cyber criminals are up to these days
New phishing techniques make it even more important to keep your passwords secure. Gmail’s new verification services can greatly improve your online security
Q.Why can't my browser find the website address I typed...
Q.All updates have been downloaded, so why won't Windows...
Q.How do I stop Windows 7 search?
Be a money saving expert
Return of the Mac computer
The benefits of owning a smartphone
Choose Gold, Silver or Bronze membership
Save up to 40% on the cover price of each issue
Get access to the subscriber club exclusive website
Our price won't be beaten by any shop or website
Following Paul Chambers' conviction for posting a "menacing message" on Twitter, his QC will argue at today's appeal that it was not a criminal offence
Voice over IP. The routing of voice conversations over the internet, which is cheaper than the telephone...
|
|
|
|
|
Nikon Coolpix S570 BlackPrice: £66.99 |
Computeractive Ultimate Guide - Storage, Sharing & BackupPrice: £5.99 |
Back Issue CD-Rom 13 (2010)Price: £9.99 |
Hallmark Card Studio DeluxePrice: £15.31 |
Marine AquariumPrice: £15.41 |
