Embarrassing security failure at PayPal

The H-Security: Until just a few days ago, web sites belonging to the world’s largest online payment service contained a security vulnerability in a key component that could have been exploited by fraudsters to steal information from customers. PayPal fixed the vulnerability shortly after being notified of its presence by The H’s associates at heise Security. The eBay subsidiary was, however, unable to give any information on how such a serious security problem could have remained undetected....

March 22, 2012 · 2 min · 303 words · Omid Farhang

Paypal’s advise: “Use your bank account for your Paypal-payments”. Really ?!

Righard Zwienenberg, Chief Research Officer at Norman posted this on Norman Security Blog, Thanks to Mr.Fagerlid for sharing: I have been a user of PayPal for many years, actually ever since PayPal opened its services for international users. PayPal, originally only for US citizens, is now used worldwide with local offices in many countries. From the Dutch affiliate, I just received the next message from PayPal (the actual message was in Dutch, see picture below):...

December 1, 2010 · 3 min · 612 words · Omid Farhang

Buggy Paypal phishing

Usually I have to wonder how much inventiveness the spammers and Phishers show. But, from time to time, it is funny to see some really stupid Phishing attempts. I do hope that nobody is falling for these puny attempts to fake Paypal we found today. The email below is being sent with a German subject line and it is pretending to come from a German mail address, but the mail itself is written in English and it is allegedly pointing to paypal....

October 12, 2010 · 1 min · 171 words · Omid Farhang

PayPal Phish

PayPal users are at risk of getting their credentials stolen if they follow instructions given in a scam email. “We have reason to believe that your account was accessed by a third party…. PayPal will verify it with your bank records for your own protection. If you provide a wrong PIN your account will be suspended or limited for unauthorized account access.” ” Please visit the Resolution Center and complete the steps to remove limitations....

May 4, 2010 · 1 min · 107 words · Omid Farhang