It's a common internet fraud crime and internet users are the target of spoof email hoax scams and fake or forged web pages.
 

 

Press Release

March 15th, 2004

Please let us know if you use a Press Release


 


 

A phisher's dream come true? eBay and Paypal admit user accounts compromise

 

eBay announce that several of Paypal's merchant account passwords have been acquired and users' details are at risk...

eBay have posted an announcement on their community board stating that several merchant accounts may have been accessed by 'third parties' who had acquired the account passwords. Merchant accounts hold detailed information on transactions between Paypal accounts; eBay state that this means that information about other Paypal users, including first and last name, mailing address, email address, and information about the transaction, was available to those who broke into those merchant accounts.

The announcement was made on the US site only, leaving many worldwide users unaware.

Of course, the story is potentially much worse, given that detailed information would be available about the Paypal users and all transactions made during the last 12 months. This information actually includes the users' verified status, transaction numbers or IDs, dates and times of the transactions, the users' full postal address and, in some cases, a customer contact telephone number! Not to mention ... portions of the accessed account holder's credit/debit card and bank account numbers, and notes added to the transaction by users.

This really could enable well-formed phishing scams to net a serious percentage of victims. While eBay and Paypal do not give any indication of the number of merchant accounts that have been breached, they do not indicate that it is limited to a small number, which they would otherwise be keen to stress if it were the case. Just think of the membership numbers, more than 20 million ... even a small percentage is a lot. Neither do eBay or Paypal indicate how the merchant account passwords were acquired, but if it was in the usual fashion - involving near daily quotas of spoof emails to mail recipients around the globe - it's very unlikely that the announcement would have even been made at all.

With the information that would have been at the fingertips of whoever entered these accounts, they could form near-perfect spoofed emails with detailed account and transaction details to convince recipients to visit well-formed but bogus Paypal or eBay web pages, which may further utilise browser vulnerabilities to give the appearance of being entirely genuine. Once there, and in keeping with the modus operandi of these phishing scams, recipients would likely be faced with a page or more that insists on them providing more of their personal and financial information.

With this kind of security breach, the information that it presents to fraudsters, and the vulnerabilities that exist in some internet browsers, Paypal and eBay users really are under serious threat. Users of both sites should now treat each email from them with great suspicion. Account holders should never use any link provided in one of their emails, and should only ever enter their sites by typing the URL directly into the browser address bar. And always follow our advice...

 

Avoid becoming a victim of a Phishing Scam by following these simple rules ...

Treat all email with suspicion - What you see in the email body can be forged, the sender's address or return address can be forged and the email header can also be manipulated to disguise its true origin

Never use a link in an email to get to any web page. If you must go there, type the URL directly into your browser's address bar

Never send personal or financial information to anyone via email

Regularly log into your online accounts - don't leave it for as long as a month before you check each account

Scrutinise your bank, credit and debit card statements and ensure that all transactions are legitimate. If anything is suspicious, contact your bank and all card issuers

Ensure that all of your software is up to date - for instance, if you use Microsoft's Windows, run Windows Update every day when you first connect to the internet. If you use other operating systems or browsers then check daily for patches or updates. Security loopholes are regularly discovered in software and many of these scams have utilised a vulnerability in Internet Explorer

If you must use your financial information online, ensure that you have adequate insurance against fraud

PayPal has set up a dedicated email address and toll-free phone number for customer questions and concerns at customerservice@paypal.com or 1-866-648-5872 (USA). Of course, the telephone number is only toll-free to residents of the USA.

Mat Bright


© Copyright Oxford Information Services Ltd. All Rights Reserved.
All other logos and trademarks in this site are property of their respective owners