Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Phishes, Phlaws and Phurther Network Phollies - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Phishes, Phlaws and Phurther Network Phollies
Pay Pal Phlaw?

We've recieved a report of a potential flaw in the PayPal website that is being used to steal credit card and other personal information from PayPal users.

The scam works by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal.

When the victim visits the page, they are presented with a message that has been 'injected' onto the genuine PayPal site that says, "Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center." After a short pause, the victim is then redirected to an external server, (apparently somewhere in Korean IP space) which presents a very convincing fake PayPal Member log-In page.

Logging in sends the PayPal username and password to the bad guys and causes another page asking for more information (social security number, credit card number ...) to remove the limits on the access of thier account.

More to come as we confirm information.


FDIC Phish

Juha-Matti dropped us a link to a newly added US-Cert Advisory detailing a scam targeting customers of FDIC insured institutions.






Chris

140 Posts

Sign Up for Free or Log In to start participating in the conversation!