June 19, 2006

eBay's Paypal has reportedly blocked a sophisticated attack that lulled users of the Internet payment service into visiting a rogue phishing Web site. The security hole in PayPal could have allowed hackers to host a page on PayPal's site. The pages appeared with a genuine SSL 128-bit certificate to trick users into a false sense of security.

Malicious code on the fake page warned people that their PayPal account had been compromised. People were then redirected away from the genuine PayPal site to a phishing site hosted in South Korea.

Here victims were asked for their PayPal login information. According to internet monitoring company Netcraft, which first raised the alarm about the attack on Friday, people were also asked to enter their Social Security number and credit card details.

PayPal said as soon as it had been alerted to the flaw it changed some code on the PayPal website to block the scam. The online financial service also said it was working with the internet service provider that hosts the malicious site to get it shut down.

However PayPal said it had no idea how many people may have been victims of the scam.

Source: Vnunet

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.