It is reported that PayPal has fixed a flaw in its website to block a sophisticated scam designed to obtain sensitive data from members.
Attackers were able to redirect people from a PayPal Web page to an online trap located in South Korea, a representative for the service said. The page actually has a real PayPal URL, but hosts malicious code that presents a message warning members that their account had been compromised. It then redirects them to a "phishing" Web site.
At the malicious, information-thieving website, people are asked for their PayPal login information, experts at Netcraft, an Internet monitoring company in England, said in an advisory. Subsequently, the scammers are urged to enter their Social Security number and credit card details.