The Inquirer-Home

Paypal gets hit with a sophisticated phishing attack

Able to bypass browser security
Mon Mar 21 2011, 10:08

ONLINE PAYMENT SERVICE Paypal has been the victim of a sophisticated phishing attack, according to the US Computer Emergency Readiness Team (US-CERT).

The attack, which is also being used to target Bank of America, Lloyds and TSB, is sent as part of an HTML attachment with unsolicited emails claiming to be legitimate.

The key difference between this attack and similar phishing attempts is that it locally stores the phishing webpage, rather than redirecting the user to a specific URL, which can be caught by anti-phishing measures built into many popular web browsers. Storing the website locally allows the attack to completely bypass browsers' anti-phishing defences.

US-CERT recommends that users be extra cautious online, particularly with personal information. It suggests that users should not open links and attachments in unsolicited emails, and should also attempt to verify that the email is legitimate by contacting the organisation in question or logging in directly through official websites only. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Masque malware is putting iPad and iPhone user data at risk

Has news of iOS malware made you reconsider getting an iPhone?