https://www.paypal.com/en_US/i/logo/paypal_logo.gifA security flaw within the PayPal Web site is posing a serious threat to its users, security firm Netcraft said Friday. The credit card numbers and personal information of those duped by attackers is at risk through a cross-site scripting attack.

A fraudster tricks the user into divulging information by asking them to visit an actual PayPal URL. Since this is hosted by the company, it would appear as if information is encrypted through the company's own SSL certificates. However, through cross-site scripting, some of the information on the accessed page has been modified.

The faked page claims that the user's account has been disabled due to "third-party access," much like the current PayPal scams. But this one is very different, as the page that says this appears to be an actual PayPal page.

:source: Source: http://www.betanews.com/article/Serious_PayPal_Flaw_Disclosed/1150476019

who does this apply to? people using paypal at a certain time or just ingeneral who ever has paypal..im pretty sure i know the answer just making sure

PayPal fixes fatal flaw :

http://www.theinquirer.net/?article=32493

I had fallen for that scam once and called paypal after the damage had been done. I had to change a few things on my info and password. Do not answer anything from paypal that does not have your name in the heading. But you are suppose to send it to paypal at, [email protected]. Paypal then takes action against the fraud. If you have any questions call paypal and talk with them.