A cross-site scripting flaw in the PayPal website allows a new phishing attack to masquerade as a genuine PayPal log-in page with a valid security certificate. The attack works by tricking PayPal members into following a maliciously crafted link to a secure page on PayPals site. Fraudsters are exploiting the flaw to harvest personal details, including Social Security numbers and credit card details. The PayPal site, owned by eBay, allows users to make online payments to one another, charged to their credit cards.”]
Source: https://www.csoonline.com/article/2121308/phishing-scam-uses-paypal-secure-servers.html