The Security Detail

Feb 24 2011   3:39PM GMT

PayPal Users Targeted by Phishing Attack…Again

Tony Bradley Tony Bradley Profile: Tony Bradley

It just sort of comes with the territory. If you have a massive financial network online that allows people to transfer money back and forth, the dark side of the Internet is going to recognize the opportunity that presents and take advantage of it. The fact that most of the PayPal users are not all that technically savvy and no little about information security just makes them that much more attractive targets.

Fred Touchette from AppRiver has a detailed breakdown of this latest threat. He notes that this particular PayPal phishing scam is unique in its brazen approach and lack of attempt to hide the source of the attack. “Notice how they request in the email that you enable Javascript and ActiveX? This is so the functionality in the attachment will post your information properly. I can’t say I’ve seen this in the body of a phishing email before. That could be in part to the popularity of plug-ins such as NoScript for Firefox, or the built in script squashing functionality of the Chrome browser that doesn’t allow hidden Javascript to run without approval.”

The phishing email contains the obligatory spelling and grammatical errors that should be red flags to any recipient above the third or fourth grade level. In closing, let me just remind everyone once again not to open file attachments–especially file attachments claiming to be from some financial institution you do business with directing you to fill out some attached form. PayPal, your bank, and any other reputable business will not ask you for sensitive information via email or with a file attachment.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: