Internet financial service PayPal has warned some of its customers to watch out for scams after their e-mail addresses got leaked online and potentially harvested by phishing scammers.
PayPal said the leak most likely occurred because BenchmarkPortal, a survey service provider PayPal works with, may not have corrected an opt-out form it provides. That form showed a customer's e-mail address to anyone who guessed BenchmarkPortal's survey identifier for the customer.
"Even first and last names are only kept on our own servers," PayPal spokeswoman Sara Bettencourt told reporters. "All sensitive financial information resides on our servers, and none of that information was ever accessed."
PayPal wouldn't say just how many e-mail addresses were affected, though it called the breach "extremely limited." But PayPal has been a particular favorite of phishers, who use faked messages and Web pages made to resemble PayPal properties in bids to trick Netizens into giving up personal information for fraudulent purposes.
Most recently, phishers using PayPal identifiers, logos, and appearances tried to trick e-mailers out of such information with a mailing claiming that a new e-mail address had been added to the recipient's PayPal account and advising the recipient to contact PayPal customer service, according to the Anti-Phishing Working Group. The group said the purported PayPal link in the message actually sent recipients who clicked on it to a site called fast-email-address.us.
That was almost two weeks ago. In November, phishers tried using PayPal as the entrée with a variation of the increasingly – and annoyingly – familiar account suspension threat.
The Anti-Phishing Working Group reported 1,707 active phishing sites in December, most of them hosted in the United States, and an average monthly growth rate in such sites of 24 percent from July through December. The group said the number of brands being hijacked by phishers – from banks to payment services to even Rolex watches (actual and alleged) – hit 55 during December, with seven brands making up the top 80 percent of December phish.
The U.S. hosted 32 percent of the world's phishing sites in December, the APWG said, followed by China (12 percent), Korea (11), Japan (2.8), Germany (2.7), France (2.7), Brazil (2.7), Romania (2.2), Canada (2.1), and India.