You are here: silicon.com > Financial Services > News

PayPal tackles phishing trap

Info thieves hosted malicious code on official website...

Tags: paypal, phishing, phishing scam

By Joris Evers

Published: 19 June 2006 08:25 BST

PayPal has fixed a flaw in its website to block a sophisticated scam designed to obtain sensitive data from members, the payment service said on Friday.

By exploiting the flaw, attackers were able to redirect people from a PayPal web page to an online trap located in South Korea, a representative for the service said. The page actually has a real PayPal URL but hosts malicious code that presents a message warning members that their account had been compromised. It then redirects them to a "phishing" website.

At the malicious, information-thieving website, people are asked for their PayPal login information, experts at Netcraft, an internet monitoring company in England, said in an advisory. Subsequently, the scammers are urged to enter their Social Security number and credit card details, Netcraft said.

A PayPal spokeswoman said in an interview: "As soon as we became aware of this scheme, we changed some of the code on the PayPal website. So this scheme, or any scheme like it, can no longer be effective."

PayPal, a unit of online auctioneer eBay, is working with the ISP that hosts the malicious site to get it shut down, the spokeswoman added. The company has no information on how many people may have fallen victim to the scam, she said.

Joris Evers writes for CNET News.com

Add comment

Print story

Email story

RSS

Okay. As a PayPal account holder, I'm happy that P...
Charlie Orlando Smith

Click here to see all

PayPal users get to buy by text message

PayPal kicks off UK credit card

Where next for PayPal?

PayPal glitch causes duplicate account withdrawals

Gartner: PayPal threatens banking business

In silicon.com

silicon.com Financial Services
Get the latest financial services news straight to your inbox. Sign up for the FS newsletter today!

FS News

Take a trip to the future of air travel

Oracle unwraps Fusion Middleware 11g

Online advertisers pledge to tell us what they're after

ATM hack talk pulled from security conference

Visa to Monitise mobile with £13m deal

FS Case Studies

VocaLink makes virtualisation pay

Co-op Group kicks "server sprawl" into touch

Torex tech treats Thorntons to quicker sales

How outsourcing saved Zurich's IT

Betfair betting engine goes supersonic

Lloyds TSB banks on SAP SRM

Jobs

Technical Support Supervisor- EMEA (Based in Reading, UK)

Distributed through its global network of channel partners, Websense software and hosted security solutions help organizations block malicious code, ...

Applications Analyst

Distributed through its global network of channel partners, Websense software and hosted security solutions help organisations block malicious code, ...

IT Graduate

Documentary proof will be requested at interview. Northgate Education works in partnership with a wide range of public, private and voluntary sector ...

FS Commentary

Nick Heath
David Lister on smart grids and why he left RBS
Interview: National Grid CIO

Andy Jones
Why banks will push ahead with offshoring
Comment: Even if they don't want to

Catherine Stagg-Macey
Legacy IT holding back insurers
Comment: Economic crisis means finance giants must step lively

Julian Goldsmith
The City fund manager with no IT department
Q&A: How asset management is embracing the cloud...

Peter Cochrane
Peter Cochrane's Blog: How tech can solve the banking crisis
Bring on a machine-based economy

Peter Fawcett
How financial turmoil will shape outsourcing
Comment: Deals on hold and all eyes on cost

Special Report Focus

Agenda Setters 2008
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.