Paypal has blocked a sophisticated attack that tricked users of the online payment service into visiting a phishing site.
The flaw in the PayPal website allowed cyber-criminals to host a page on PayPal's website. The web pages appeared with a genuine SSL certificate to lull users into a false sense of security.
Malicious code on the fake page warned people that their PayPal account had been compromised. People were then redirected away from the genuine PayPal site to a phishing site hosted in South Korea.
Here victims were asked for their PayPal login information. According to internet monitoring company Netcraft, which first raised the alarm about the attack on Friday, people were also asked to enter their Social Security number and credit card details.
PayPal said as soon as it had been alerted to the flaw it changed some code on the PayPal website to block the scam. The online financial service also said it was working with the internet service provider that hosts the malicious site to get it shut down.
However PayPal said it had no idea how many people may have been victims of the scam.
Also see:
Fraudsters
hijack PayPal's site in phishing attack
Do you agree?
Have your say on this article