A new PayPal phishing attack steals data by promising to secure accounts

Monday 23 December 2019 13:56 CET | News

ESET researchers have spotted an ongoing phishing campaign targeting PayPal customers, where hackers are trying to gain access to customers’ credentials to the payment service.

Targeted customers receive emails camouflaged as ‘unusual activity’ alerts warning them of suspicious logins from unknown devices, with the hidden purpose of stealing all their credentials and financial info. To make sure that the potential victims are willing to click on the link embedded within the phishing message, the attackers say that their accounts are limited until they are secured by confirming their identity.

During the phishing campaign, the victims are taken to a series of fake login pages designed to harvest their PayPal usernames and passwords, plus the victims are required to verify their accounts by updating their information if they want to remove the ‘limits’ and fully restore them.

In the next few steps, the victims will be asked to fill out their billing addresses (including their name, phone number, and date of birth), as well as their credit and debit card data to avoid having to filling it out again later while using PayPal.

Throughout the campaign, the attackers use multiple phishing domains with names designed to somewhat resemble an official PayPal site. All the phishing sites were delivered via HTTPS secured connections, displaying a green padlock to increase the targets' trust and give them a semblance of legitimacy.

The researchers recommend checking the URL of the website you land on after clicking a link you were sent via email and, if possible, refrain from clicking any links or opening any attachments you received in your inbox.

PayPal also provides a series of recommendations on how to spot phishing e-mails in its Help Center site.
More: Link

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: PayPal, phishing, fraud prevention, credit card, debit card, hackers, stealing funds
Categories: Fraud & Financial Crime
Countries: World
This article is part of category

Fraud & Financial Crime