According to tech news outlets, fraudsters used a cross-scripting attack to trick PayPal users into revealing their financial information in a recent phishing attack. A security firm called Netcraft posted the news on its site on Friday (http://digbig.com/4jpey), saying it discovered that fraudsters had exploited a security flaw in the PayPal website to collect credit card numbers and other personal information that could be used for identity theft purposes.
Netcraft updated its post later that day, pointing to a News.com article that quotes a PayPal spokesperson saying the company changed code on its site to prevent such schemes, but had no information on how many people might have fallen victim to the scam (http://news.com.com/2100-7349_3-6084974.html).
In March, AuctionBytes reported on a bug on the PayPal website that allowed fraudsters to determine a PayPal member's full name and include it in phishing emails, giving them an air of legitimacy (http://www.auctionbytes.com/cab/abn/y06/m03/i24/s00).
You may quote up to 50 words of any article on the condition that you attribute the article to
EcommerceBytes.com and either link to the original article or to www.EcommerceBytes.com. All other use is prohibited.
Have a question about buying or selling online? Want to get marketing or technical advice? AuctionBytes Discussion Forums are the place to come to get answers to your questions and get advice! Great tips - a refreshing change!
