PayPal attacked by next gen phishing scam

PayPal acted swiftly to shut down an elaborate phishing scam that used PayPal's own URL and website to fool customers into handing over personal details. However, the eBay subsidiary cannot say how many customers have been fooled by the elaborate hoax that seems to represent the next generation in internet fraud. British-based based internet monitor Netcraft reported that the scam works by injecting a fake error message into the real PayPal site warning users that their account has been disabled due to unauthorized access by a third party. A valid 256-bit SSL certificate was presented that confirmed the site belonged to PayPal, despite some of the page content having been modified through cross-scripting by the fraudsters. The user was then redirected to a fake “Resolution Centre” site where they are asked to login, thereby sending their username and password to the scammers.

Advertisement