Malaysian government portal used by PayPal phishers

Network World Asia posted an article on how PayPal phishers have infiltrated Malaysian government servers to host their fake PayPal sites. This is a serious security breach, compounded by the fact that it was publicised a day after the Science, Technology and Innovations Minister , Datuk Seri Dr Jamaluddin Jarjis, made a press statement (The Star, 19 Nov) stamping the presence of the Malaysian Cyber Security Centre.

Excerpt from Network World Asia:

The scam was discovered by Bill Carton, an engineer based in San Diego who has spent the last 10 years as a volunteer antispam activist, shutting down bulk e-mailers in his spare time. Carton received an e-mail Friday morning that purported to be from eBay Inc.'s PayPal service.

It read like a standard phishing pitch: "It has come to our attention that your account information needs to be updated," the e-mail said. "If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service."

What was unusual, however, was the fact that the link in the e-mail was to a fake PayPal site hosted by servers in the Malaysian government's gov.my domain.

"This one was interesting because of the Malaysian angle. A government server usually gets my attention," Carton said.