The issue was publicised by Netcraft, and PayPal swiftly fixed it. However, it is unclear how many people lost personal details because of it.
The scam involved tricking users into accessing a URL hosted on the real PayPal web site. This URL used SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate was presented to confirm that the site did indeed belong to PayPal. But the content on the page had been modified by the fraudsters via a cross-site scripting (XSS) technique.
When victims visited the page, they were presented with a message that had been 'injected' onto the genuine PayPal site that said, "Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center." They were then redirected to an external server in Korea, which presented a fake PayPal Member Log-In page, and anything the punter tapped in was given to the hackers.
Punters could be forgiven for falling for the scheme because they would have had in their possession a correct PayPal certificate and domain name.
PayPal has had a few words with the Korean ISP and is getting the server shut down. However, it says it has dealt with the problem on its site.