Phishes, Phlaws and Phurther Network Phollies, (Fri, Jun 16th)
Very phishy business... quite clever, though. This is yet another reminder to web developers to verify all input!
From: SANS ISC
Phishes, Phlaws and Phurther Network Phollies, (Fri, Jun 16th): "Pay Pal Phlaw?
We've recieved a report of a potential flaw in the PayPal website that is being used to steal credit card and other personal information from PayPal users.
The scam works by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal.
When the victim visits the page, they are presented with a message that has been 'injected' onto the genuine PayPal site that says, 'Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center.' After a short pause, the victim is then redirected to an external server, (apparently somewhere in Korean IP space) which presents a very convincing fake PayPal Member log-In page.
Logging in sends the PayPal username and password to the bad guys and causes another page asking for more information (social" ...
From: SANS ISC
0 Comments:
Post a Comment
Links to this post:
Create a Link
<< Home