Thursday, July 10, 2003

PayPal Scam Site Using Legit SSL
Intrusion detection specialists Internet Storm Center (ISC) on Monday raised an alarm for a fake PayPal site using a valid SSL certificate to dupe users into giving up personal information.

By using a legitimate SSL certificate to masquerade as a PayPal site, scammers are now adopting trickier techniques to perpetrate identity theft that are not as easy to spot, the ISC warned.

The SSL (Secure Sockets Layer) protocol is used by Web sites to obtain confidential user information, such as credit card numbers, in a secure, encrypted environment. By convention, URLs that require an SSL connection start with https: instead of http:.

PayPal, the eBay-owned online billing/payment firm, uses SSL to secure its Web-based interaction with millions of users. The ISC warns that by using a legitimate SSL certificate to masquerade as a PayPal site, scammers are now adopting trickier techniques to perpetrate identity theft.

"Usually it is the goal of these sites to extract information from users which will be used in identity theft or credit card fraud. The page is usually advertised via spam and looks just like a regular PayPal/eBay page," the monitoring service said, noting that users are usually directed to a Web site to confirm billing information.

A standard technique to mask the actual URL and make it look valid, the ISC explained, is to prepend a username/password prefix to the URL.

In most cases, the scam sites are easily spotted because they are not using SSL. "Sometimes they attempt to hide this fact by increasing the browser window size to push the lower part of the browser window off the screen, so users will not see the open browser lock," the monitoring service noted.

However, the latest scam spotted making the rounds in inboxes uses a valid SSL certificate, which makes it tougher to spot the fake. The ISC found that the e-mail spam message lures users into going to a URL that looks like a secure PayPal site but actually uses a CGI script to redirect the user to a fake page.

To spot the scam, users are urged to be wary of overly long URLs that redirect to strange-looking domains, such as https://www.paypal.com:ac=alksdjflakdjflkasdjruoiwehjrlkajdf@KI54fT. WoRlDiSpNeTwOrK.CoM/i.CgI?billing@yourdomain.com.
http://www.internetnews.com/ec-news/article.php/2232421
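
The username/password prefix described above can be checked mechanically: everything before the last "@" in a URL's authority is userinfo, and the browser connects (and validates the certificate) for the host after it. The following is an added example, not part of the original article; the function name `inspect_url`, the sample URLs and the `example.net`/`example.org` domains are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Loose test for "this string looks like a DNS name" (dot-separated labels, alphabetic TLD).
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def inspect_url(url, expected_domain):
    """Report the host a URL really connects to and whether its userinfo part masks it."""
    parts = urlsplit(url)
    real_host = (parts.hostname or "").lower()
    # Everything before the last "@" in the authority is userinfo (user[:password]).
    userinfo = parts.netloc.rpartition("@")[0]
    claimed = userinfo.split(":", 1)[0].lower()
    expected = expected_domain.lower()
    on_expected = real_host == expected or real_host.endswith("." + expected)
    return {
        "real_host": real_host,
        "has_userinfo": bool(userinfo),
        # Set when the username is shaped like a hostname other than the real one.
        "masked_as": claimed if HOSTLIKE.match(claimed) and claimed != real_host else None,
        "on_expected_domain": on_expected,
    }


# Constructed samples. The first follows the pattern of the URL quoted in the article,
# with a reserved example domain standing in for the scam host. The second shows that
# an "@" inside the query string is harmless: it is not part of the authority.
SAMPLES = [
    "https://www.paypal.com:ac=alksdjfl@Host.Example.NET/i.cgi?billing@example.org",
    "https://www.paypal.com/help?contact=billing@example.org",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", inspect_url(url, "paypal.com"))
```

A mail gateway or proxy log review can apply the same check to links in inbound messages and flag any URL where `has_userinfo` is true and `on_expected_domain` is false.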
