[cryptography] Paypal phish using EV certificate
pgut001 at cs.auckland.ac.nz
Tue Aug 13 05:10:02 EDT 2013
I recently got another of the standard phishing emails for Paypal, directing
me to https://email-edg.paypal.com, which redirects to
https://view.paypal-communication.com, which has a PayPal EV certificate from
Verisign. According to this post
http://www.onelogin.com/a-paypal-phishing-attack/ it may or may not be a
phishing attack (no-one's really sure), and this post
http://www.linuxevolution.net/?p=12 says it is a phishing attack and the site
will be shut down by Paypal... back in May 2011.
Can anyone explain this? It's either a really clever phish (or the CAs are
following their historically lax levels of checking), or Paypal has joined the
ranks of US banks in training their users to become phishing victims.