PayPal has just been hit by a sophisticated phishing attack, according to the US Computer Emergency Readiness Team (US-CERT). In case you didn’t know what phishing is, it is the act of duping people into giving out private information like usernames, passwords and credit card numbers by fake websites that look almost like the legitimate websites they imitate. The attack, which targeted the Bank of America, Lloyds and TSB was sent out through emails as an HTML attachment. What made this phishing attack different from regular phishing attacks is that the fake website which was used to phish for details was stored locally on the users’ computers instead of being online, which would have been detected by anti-phishing defenses present in most browsers today. Sounds like it could have been an inside job? Possibly. Either way, always be on the lookout for phishing sites especially when you click on links sent via emails or instant messengers. It’s always better to go to the main site directly on your web browser instead of an external link.