Online payment service provider PayPal has announced that it has fixed a serious security vulnerability on its websites to prevent phishing attacks.
Exploiting this security flaw could allow attackers to redirect users visiting a PayPal website to an “online trap” hosted in South Korea.
The website used by the attackers contains a legitimate PayPal URL but also includes malicious code that displays a warning message claiming that the user's payment account has been compromised. In reality, the site exists to phish users.
When redirected to these websites, victims are prompted to enter their PayPal account login information, Netcraft experts noted in a warning bulletin.
“As soon as we became aware of the security vulnerability and this new phishing attack method, we implemented changes to some of the code on our websites. This type of phishing attack or similar methods are no longer effective,” Amanda Pires, a spokesperson for PayPal, asserted in an interview.
Hoàng Dũng