PayPal tackles phishing trap

Info thieves hosted malicious code on official website...

By Joris Evers, 19 June 2006 08:25


PayPal has fixed a flaw in its website to block a sophisticated scam designed to obtain sensitive data from members, the payment service said on Friday.

By exploiting the flaw, attackers were able to redirect people from a PayPal web page to an online trap located in South Korea, a representative for the service said. The page actually has a real PayPal URL but hosts malicious code that presents a message warning members that their account had been compromised. It then redirects them to a "phishing" website.

At the malicious, information-thieving website, people are asked for their PayPal login information, experts at Netcraft, an internet monitoring company in England, said in an advisory. Subsequently, they are urged to enter their Social Security number and credit card details, Netcraft said.

A PayPal spokeswoman said in an interview: "As soon as we became aware of this scheme, we changed some of the code on the PayPal website. So this scheme, or any scheme like it, can no longer be effective."

PayPal, a unit of online auctioneer eBay, is working with the ISP that hosts the malicious site to get it shut down, the spokeswoman added. The company has no information on how many people may have fallen victim to the scam, she said.

Joris Evers writes for CNET News.com

Comments


  1. Charlie Orlando Smith

    Okay. As a PayPal account holder, I'm happy that PayPal has updated the security offered by their web site's code. However, what is PayPal doing to track down the criminals who caused them (and all of PayPal's account holders) to be targets of theft? I mean, it's nice to secure the web site -- but PayPal -- and all companies that are victims of thieves -- need to pursue the criminals vigorously afterward. Otherwise, these companies are still falling far, far short in their corporate duty to their clientele. After all, their lack of security in the first place allowed their customers to get robbed. So, the companies owe it to their customers to pursue the criminals, prosecute them and extract some kind of justice that will satisfy those customers who were allowed to be robbed.
