PayPal Fills Phishing Hole

The online payment specialist said it has fixed a glitch that allowed phishers to mislead customers and potentially steal their information.

Online payment company PayPal reported that it has fixed a Web site glitch through which the operators of a phishing scheme had been attempting to steal personal data of the company's customers.

According to officials for the eBay subsidiary, PayPal updated coding on its Web site to block a vulnerability that phishers based in South Korea had been exploiting in an effort to rip off its members.

The sophisticated threat attempted to lure unsuspecting users to a URL hosted on PayPal's legitimate Web site that had been altered by cyber-criminals using a so-called cross-site scripting attack.

Using such attacks, criminals seek out vulnerabilities in legitimate Web pages and add their own code in order to append their own content to the sites or redirect users to other fraudulent sites.

The schemes can also steal information stored as so-called Web browser cookies, which often contain user names, passwords and other sensitive data.

This article was originally published on 06-19-2006
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.