PayPal scam targets web users

Web users need to watch out for fake sites for online payment company PayPal, which try and fool you into revealing your personal details.

Internet Storm Centre (ISC), a US-based site which monitors internet security, has issued a warning about a fake PayPal website which uses a valid secure sockets layer (SSL) certificate.

SSL technology is used by websites to obtain confidential customer information, such as credit card numbers, via a secure webpage.

The fake page, advertised via email, looks like a genuine page for PayPal and even redirects you to the actual PayPal login page.

ISC said such scams, which use a technique called URL masking, "are usually easily spotted as they are not using SSL" - however, the latest site uses a valid SSL certificate.

"Unless users inspects the certificate in more detail, they will not know see the problem," warns the ISC. But said "the fake URL is overly long to hide the actual host name, which comes after the '@' symbol".