news.netcraft.com — Scammers are exploiting a security flaw in the PayPal web site to steal credit card numbers belonging to PayPal users. The scam tricks users into accessing a URL hosted on the genuine PayPal web site, which has been modified by the fraudsters via a cross-site scripting technique (XSS).
Jun 16, 2006 View in Crawl 4
hodyoatenJun 16, 2006
Geez, why go through all this trouble just to get credit card numbers? Just set up a fake storefront for $150 Wii's or iPods, and just politely cancel orders one after the other. It seems like scammers just try to create work for themselves.
paynexJun 17, 2006
Paypal hasn't been "hacked", like a broken pinata releasing everyone's credits card numbers and bank details onto the internet. This is just another method of getting people to input their details into a paypal-lookalike site. The only clever part is that it all looks like it's secure and encrypted UP TO the point when you enter your details. So you can still check you have a secured connection to paypal.com before you submit any details.
icetigaurusJun 17, 2006
Paypal has been mainstream... ever heard of this site called Ebay?
legion303Jun 17, 2006
"Whatch who you give your password out to."Better advice: don't be a f**king tool and give it out in the first place, or you deserve what you get.
lordatlasJun 17, 2006
Well, don't be a moron and give your password to anyone else. Pretty simple, ain't it?
djbutterflyJun 17, 2006
Never put more than $500 in your paypal account. PayPal is known not to cover anything more than $500 and is known to exercise their talent to deny your loss regardless of circumstances.I fell for same scam trick by mistake. As soon as I realize the mistake, I went to PayPal site using a new window and changed my password immediately within 5 min on the same day. I thought I was safe. But wait! Scammers are better than us geeks! They managed to program to steal my credit card information. They went to my credit card site and register an account. They changed my mailing address online. I discovered my card is denied after I used my card for a retail purchase. The store said zip code was incorrect. After calling my credit card company, I realized they have changed my mailing address and attempted to get my credit card statements redirecting to their scammer's address. With more information from monthly statements, I believed the scammers have more organized stealing scheme. I cancelled my credit card and reported the crime to credit card company, bank and FBI. The only organization that I can't reach is PayPal because you really don't expect to reach their customer service.I met PayPal Chief Security Officer at eBay 10th Annual Conference. I told my story, offered my case to followup on the scammer, and offered my help to further investigate and perhaps to improve their security. He never emailed me back after the conference. At least I have the scammer's Florida address and I could have saved the emails and future emails from the same scammer. It takes a web developer to tap a web scammer.After talking to bank's legal department and security department, my bank told me not to use PayPal because even bank will not help you to fight fraud. Cancel your bank account. Never use PayPay again.PayPal's advise is never open any PayPal email unless email address your name at the top. Don't expect PayPal will help you much via email, phone or at their booth. Never put more than $500 in your PayPal account. Avoid large transaction with PayPal. Be prepare PayPal has the right to freeze your PayPal account without notice and for at least 6 months without any reasons. If you run a business, open a merchant account. Use PayPal only on countries and currencies that your merchant account won't allow.
tmachJun 17, 2006
People dump on PayPal a lot, but I have to say my one and only experience with their customer service/fraud department(s) was a good one. A few years back I bought a laptop at auction, and paid via PayPal. Or rather, I should say, I just PAID for a laptop via PayPal. I never got it. At first I emailed the seller and was told that it would be sent shortly as soon as the funds cleared. This was the first red flag, since "waiting for funds to clear" has never been an issue with PayPal.A couple of days later he mails me and tells me he isn't sending the laptop because PayPal has suspended the transaction and warned him that I'm a deadbeat buyer. Now I know something's up because the money has already been taken from my account (so obviously I'm not passing bad funds) and I have never had any issue with anything I've bought at auction. So I called PayPal (their customer support number was not hidden as some have said in the past) and their rep told me "Oh yeah, there's an investigation going on, but it isn't your account we're investigating." He couldn't tell me exactly why they were suspicious of the other guy, but told me it'd be a good idea not to try buying anything from him again and that my money would be returned soon.The only bad part was, even after the money DID reappear in my account, it was still "on hold" (meaning I could see it, but not use it) for a week or so, until their investigation was done. However, in the end, I had my money back and the bad seller was never heard from again.
arthereOct 16, 2008
Does paypal do anything right? <a class="user" href="http://www.creditcardassociate.com/paypal.html">http://www.creditcardassociate.com/paypal.html</a>
johnfleming12Jun 2, 2009
Lots of people seem to be hating on PayPal. In my experience, the only people that dont like it are those that try to "game" it in one way or another. I love Paypal!<a class="user" href="http://www.premiumsafeidentity.com/">http://www.premiumsafeidentity.com/</a>