Wednesday, June 21, 2006

Phishing via Cross Site Scripting at Paypal

Netcraft reports a very convincing phishing attack on Paypal, exploiting a Cross Site Scripting vulnerability on the Paypal site.

The phishers exploit an XSS vulnerability on the original Paypal site: once users are induced to visit the original site, they are automatically redirected to the phisher's site. Netcraft has step-by-step screenshots of the attack.

Paypal has fixed the vulnerability.

This seems to be the first appearance of phishing tied to XSS. Expect to see more of this in the coming months!
