The site fixed a vulnerability that allowed phishing

Jun 19, 2006 10:35 GMT

PayPal officials have announced the release of a permanent fix meant to prevent future phishing attempts after its users were the target of a successful attack. A cross-site scripting vulnerability in the PayPal site allowed a phishing scheme that harvested credit card information and other personal data belonging to users of the online payment portal.

Users were directed to a trap site in South Korea that had a real PayPal URL, where they were informed that their accounts with the service had been compromised, and were redirected to a phishing site that asked for PayPal login information and for the data regarding the credit cards used for online transactions.

Experts from the online monitoring and security firm Netcraft have revealed that the phishing site was not only hosted on a real site of the online payment service but was also transmitting a valid 256-bit SSL certificate to confirm that it belonged to PayPal.

"As soon as we became aware of this scheme, we changed some of the code on the PayPal Web site. So this scheme, or any scheme like it, can no longer be effective," said Amanda Pires, a PayPal spokeswoman.