PayPal Security Flaw Makes eBay and PayPal Users Vulnerable to Phishers


A flaw on PayPal's website could help scammers who send out "phishing" emails by allowing them to determine a PayPal member's full name and include it in hoax emails, giving them an air of legitimacy.

AuctionBytes discovered the URL with the vulnerability on Friday evening when it was sent in by an anonymous user. Adding a PayPal member's email address to the end of that specific PayPal URL causes a box to appear with that member's full name. Entering an email address of a non-member brings up an error message. There is no need to log into PayPal to access that URL, and it isn't clear what the page is designed to accomplish. PayPal Security Flaw Makes eBay and PayPal Users Vulnerable to Phishers

Linked by shanmuga Monday, 27th March 2006 10:12PM