ONLINE PAYMENT SERVICE Paypal has been the victim of a sophisticated phishing attack, according to the US Computer Emergency Readiness Team (US-CERT).
The attack, which is also being used to target Bank of America, Lloyds and TSB, is sent as part of an HTML attachment with unsolicited emails claiming to be legitimate.
The key difference between this attack and similar phishing attempts is that it locally stores the phishing webpage, rather than redirecting the user to a specific URL, which can be caught by anti-phishing measures built into many popular web browsers. Storing the website locally allows the attack to completely bypass browsers' anti-phishing defences.
US-CERT recommends that users be extra cautious online, particularly with personal information. It suggests that users should not open links and attachments in unsolicited emails, and should also attempt to verify that the email is legitimate by contacting the organisation in question or logging in directly through official websites only. µ