According to tech news outlets, fraudsters used a cross-scripting attack to trick PayPal users into revealing their financial information in a recent phishing attack. A security firm called Netcraft posted the news on its site on Friday (http://digbig.com/4jpey), saying it discovered that fraudsters had exploited a security flaw in the PayPal website to collect credit card numbers and other personal information that could be used for identity theft purposes.
Netcraft updated its post later that day, pointing to a News.com article that quotes a PayPal spokesperson saying the company changed code on its site to prevent such schemes, but had no information on how many people might have fallen victim to the scam (http://news.com.com/2100-7349_3-6084974.html).
In March, AuctionBytes reported on a bug on the PayPal website that allowed fraudsters to determine a PayPal member's full name and include it in phishing emails, giving them an air of legitimacy (http://www.auctionbytes.com/cab/abn/y06/m03/i24/s00).
