The Inquirer-Home

Paypal gets hit with a sophisticated phishing attack

Able to bypass browser security
Mon Mar 21 2011, 10:08

ONLINE PAYMENT SERVICE Paypal has been the victim of a sophisticated phishing attack, according to the US Computer Emergency Readiness Team (US-CERT).

The attack, which is also being used to target Bank of America, Lloyds and TSB, is sent as part of an HTML attachment with unsolicited emails claiming to be legitimate.

The key difference between this attack and similar phishing attempts is that it locally stores the phishing webpage, rather than redirecting the user to a specific URL, which can be caught by anti-phishing measures built into many popular web browsers. Storing the website locally allows the attack to completely bypass browsers' anti-phishing defences.

US-CERT recommends that users be extra cautious online, particularly with personal information. It suggests that users should not open links and attachments in unsolicited emails, and should also attempt to verify that the email is legitimate by contacting the organisation in question or logging in directly through official websites only. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Internet of Things at Christmas poll

Which smart device are you hoping Santa brings?