Slovakian security firm ESET discovered an ongoing phishing campaign targeting PayPal customers. The campaign sends emails disguised as ‘unusual activity’ alerts that warn recipients of suspicious logins from unknown devices, and it attempts to exploit their credentials and financial information.
To ensure that the potential victims are scared and willing to click on the link embedded within the phishing message, the attackers say that their accounts are limited until they’re secured by confirming their identity.
“Please log in to your PayPal account and complete the steps to confirm your identity. To help protect your account, your account will remain limited until you complete the necessary steps,” the phishing bait emails say.
“The security of your PayPal account is a top priority for us and we want to work together to help protect it.”
The email also contains a link to a fake PayPal page that contains the proper logos and branding.

Phishing email sample (ESET)
Throughout the campaign, the attackers used multiple phishing domains with names designed to resemble an official PayPal site.
After the target lands on the PayPal-branded phishing site, the phishers will again remind them that they need to prevent unauthorized access to secure their accounts, asking them to confirm their ‘informations’ by entering a CAPTCHA code displayed on the page.
To make sure that they don’t harvest useless information, the attackers will also require the victims to confirm their credit and debit card info by entering their account numbers, the security code on the back of the card, and their mother’s maiden names.
In the last step, their e-mail’s password will also be requested so that the attackers can get access to other accounts in the future — however, they do promise not to use the password.
At that point, the scam reassured the user that their account was secure. In reality, the user had forfeited several pieces of their personal and financial information, data that an attacker could then use to commit identity theft and credit card fraud.
Recommendations
The only good point with this particular attack is that ESET has not found any malware being downloaded onto the victim’s device; however, if the person did follow all the steps as indicated by the cybercriminals, a portion of his or her online financial life is at risk.
The researchers recommend checking the URL of the website you land on after clicking a link you were sent via email and, if possible, refrain from clicking any links or opening any attachments you received in your inbox.
The safest way is to write the address of the site manually in the web browser or use a previously created bookmark if available to avoid being redirected to sites designed to collect your info or infect your computer with malware.
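The URL check recommended above can also be applied mechanically, for example in a mail filter or a help-desk triage script. The following Python sketch is an added example, not code from ESET or PayPal; it assumes `paypal.com` is the only genuine domain, and all sample URLs are constructed and use reserved `.example` names.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "paypal.com"   # assumption: the one domain treated as genuine here
BRAND = "paypal"
# Common character swaps used in lookalike names; hyphens are dropped as well.
SWAPS = str.maketrans({"1": "l", "0": "o", "-": None})


def classify_link(url: str) -> str:
    """Classify an absolute URL from an email: 'official', 'suspicious' or 'unrelated'."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        userinfo = (parts.username or "").lower()
    except ValueError:           # malformed URL, e.g. a broken IPv6 literal
        return "suspicious"
    # Compare the whole host name: the domain itself or a true subdomain of it.
    on_official = host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)
    if parts.scheme == "https" and on_official and not userinfo:
        return "official"
    # The brand anywhere else (a subdomain label of another domain, swapped
    # characters, text placed before an "@") only imitates the real address.
    if BRAND in host.translate(SWAPS) or BRAND in userinfo.translate(SWAPS):
        return "suspicious"
    return "unrelated"


# Constructed sample links, not indicators from the campaign.
SAMPLES = [
    "https://www.paypal.com/signin",
    "https://paypal.com.account-verify.example/login",
    "https://paypa1-secure.example/",
    "https://www.paypal.com@login.example/",
    "https://notpaypal.com/",
    "https://example.org/news",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):<10} {link}")
```

A plain substring test for "paypal" would accept every suspicious sample here; only the comparison against the full host name separates the genuine address from the imitations.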
Customers who have spotted a phishing message in their inbox posing as an official email sent by PayPal are asked to report it as soon as possible by forwarding it to [email protected] and to delete it as soon as possible.