PayPal has found a phony URL on its site that was being used by fraudsters to steal credit card numbers and other personal information belonging to PayPal users.

By exploiting the flaw, attackers were able to redirect people from a PayPal Web page to an online trap located in South Korea, a representative for the service said. The page actually has a real PayPal URL, but hosts malicious code that presents a message warning members that their account had been compromised. It then redirects them to a "phishing" Web site.

The issue was publicised by Netcraft, and PayPal swiftly fixed it. However it is unclear how many people lost personal details because of it.

Source: The Inq (http://www.theinq.net/?article=32493) and C|Net News (http://news.com.com/PayPal+fixes+phishing+hole/2100-7349_3-6084974.html)

That's a really bad flaw. How did Paypal let this happen?

Payapl is a great, though many issues is always fraud. They have so much already and they found this problem,I give them props, though the question like they asked, how many people are a little screwed?

on one side I feel bad for the people that fell for it, but on the other side I kind of don't because they should know better then to re-enter all their information without even questioning it. I know that if I was directed to a page that said my account was comprimised I wouldn't then start entering information onto the page. I would e-mail paypal and ask them WTF is up.

Meh... Its not that easy, most people dont know thats the problem, paypal usaully tells when scams are up, as I use paypal alot, I have always known never to re-enter the givin information on a email, i usaully call them..

i use paypal alot and this never happened to me ....phew

PayPal = eBay (Wholly owned subsidiary). I use them a lot, but miss the days when they made money strictly on interest accrued from people holding money in thier accounts. That business model couldn't last long. I just wish thier fees were more reasonable, but it's the credit card processing centers to blame for that, plus the need to please shareholders. Too bad Western Union can't compete. I'm rambling now.

There are all sorts of Phishing scams involving eBay -I've personally gotten notes saying my account was compromised and I need to log onto eBay - the link went directly to a page looking EXACTLY like eBay sign-in. The tell was that it wasn't secure, and the URL didn't even have "eBay" in it (duh). After seeing a few of them, I actually emailed someone about an item up for auction and the poor guy wasn't even auctioning anything - his account was hijacked... I used the eBay contact link, while the page said to contact using a link in the item content. That link of course sent email to the scammers - the deal looked too good to be true - and it was.

Sorry for the lengthy diatribe...

It is not secure EVER to give such information on the web,So why not change the way they do comercial trades,for instance how about they give us theyre account number and later we pay for the goods on a traditional bank or ATM´s...?

95% of the public is stupid, next!

95% of the public is stupid, next!

This however gets around the "checks" the public has been given to double check many things in regards to paypal transactions.

Someones gettin fired for this one... :roll:

But I think you seem to be including youself with that generalization? :laugh:

i use paypal alot and this never happened to me ....phew
That is what u think,but perhaps they already as yours account info and checked it and find it wortheless to still from u...Perhaps...