-Beta News
A security flaw within the PayPal Web site is posing a serious threat to its users, security firm Netcraft said Friday. The credit card numbers and personal information of those duped by attackers are at risk through a cross-site scripting attack.
A fraudster tricks the user into divulging information by asking them to visit an actual PayPal URL. Since this is hosted by the company, it would appear as if information is encrypted through the company's own SSL certificates. However, through cross-site scripting, some of the information on the accessed page has been modified.
The faked page claims that the user's account has been disabled due to "third-party access," much like the current PayPal scams. But this one is very different, as the page that says this appears to be an actual PayPal page.
"The paypal.com domain name and SSL certificate he saw previously are likely to make him realize he has visited the genuine PayPal web site - why would he expect PayPal to redirect him to a fraudulent web site?" Netcraft's Paul Mutton said.
A user would then disclose their username and password, and be asked to enter further information to verify their identity. According to Netcraft, the page also asks for a social security number, credit card number, expiration date, card verification number and ATM PIN.
This makes me mad. I use PayPal, so I am glad I heard about this. It seems like everything can be hacked these days. I should just stop doing things like that online. This problem really needs to be taken care of somehow. People trust that their information will be safe with these sites.