Netcraft's anti-phishing toolbar community identified a phishing attack against PayPal in December. FasterPay – which describes itself as the UK's only safe, all-in-one Internet Banking payment service – was apparently hacked, and a subdirectory on the company's own website at www.fasterpay.co.uk was used to host a PayPal phishing site.
The site sported the the Extended Validation SSL certificate used by the FasterPay website reducing the likelihood of arousing suspicion by visitors. While it may be a reminder that users may want to do more than merely look for the presence of an EV certificate when deciding whether or not it is safe to submit personal or financial data to a website, it is unclear what that would consist of.
As the SSL have the financial backing of the issuer, it will be interesting to see the fallout in the coming days.