Hackers are spreading the Chthonic banking trojan via legitimate-looking PayPal emails, security outfit Proofpoint has warned. The emails are 'authentic' and don't trigger antivirus warnings because they come via PayPal from accounts that appear to be legitimate.

"The sender does not appear to be faked. Instead the spam is generated by registering with PayPal and then using the portal to request money," said Proofpoint in a security advisory. The attackers take advantage of a feature that allows users to include notes when sending money request messages. One sample picked up by Proofpoint showed that Gmail failed to block the email since it appeared to be legitimate.

Under specific conditions, PayPal can ask users to confirm their identity to prevent frauds. When users are asked to verify their identity, their account is not accessible and in order to unblock it PayPal request them to make a call or send an email to its service and complete the procedure.

Mejri explained that a vulnerability affecting the PayPal mobile app that can be exploited by attackers to access blocked accounts through repeated login attempts that leverage valid session cookies. The same trick could be used to bypass two-factor authentication process, once the attacker successfully accesses the account is it able to change its settings.

Evaluating online cybersecurity awareness of 2,011 consumers from the USA and United Kingdom, a new survey by One Poll and Dimensional Research revealed that a lot of respondents believe using a third party payer such as PayPal or Google Wallet is the safest way to pay for goods online.

With so many retail breaches this year, it is not surprising that people are now more comfortable shopping online. However, consumers still need to be wary of where they are storing their data. Third party payment providers make the online shopping experience easier, but they can and will be targeted just the same as the retailers themselves.

Not all accounts are created equal. It’s only natural that you would care less about an ESPN Fantasy Football account than you would care about your online banking or PayPal account.

Anyone who spends even a little time thinking about security is careful to use a strong password and proceed with caution when accessing a service related to personal finance. However, a lot of users are also relatively careless about their primary webmail account, which often serves as a master key to all other accounts. Think about it: whenever you set up nearly any online account, you’re prompted to enter a primary webmail account. There are a number of reasons for this.