Slashdot Mirror

← Back to Stories (view on slashdot.org)

PayPal Security Flaw Allows Identity Theft

Posted by ryuzaki0 on from the watch-your-back dept.

miller60 writes "Phishing scammers are actively exploiting a security flaw in the PayPal web site to steal credit card numbers belonging to PayPal users. The scam tricks users into accessing a URL hosted on the genuine PayPal site, which presents a valid 256-bit SSL certificate confirming that the site belongs to PayPal. However, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique, and victims are redirected to a spoof site that requests their account details."

3 of 212 comments (clear)

  1. how?? by zimsters · · Score: 3, Interesting

    "by tricking users into accessing a URL hosted on the genuine PayPal web site" How are hackers injecting this code into a legitimate paypal website?? Don't you have to modify the source code on the paypal servers themselves?

    --
    Bored?
  2. Or worse, a brokerage debit card. by vinn01 · · Score: 3, Interesting


    I used to have a brokerage debit card. It withdrew funds from my money market account. It was an insane risk to use that card. It would have been a jackpot if thieves got that number. And my financial life would have been in ruins for months.

    Since the bubble burst, I don't have to worry about having a lot of money in a money market account.

  3. I'd like to know... by pongo000 · · Score: 3, Interesting

    ...why it is that whenever I log into PayPal, the number of PayPal-phishing e-mails suddenly increases over the next few minutes? It's as if something is monitoring traffic destined for PayPal (a compromised router, perhaps?) and is automatically triggering phishing e-mails to the originating IP.

    Has anyone else seen this?