New ransomware that steals PayPal credentials using phishing discovered

Tuesday 15 January 2019 00:00 CET | News

MalwareHunterTeam have discovered a new ransomware that not only encrypts users’ files, but also tries to steal their PayPal credentials with an included phishing page.

The note that accompanies the threat not only tries to steal your money through a normal Bitcoin ransom payment, but also offers a choice to pay via PayPal. If a user chooses to pay using PayPal, they will be brought to a phishing site that will then attempt to steal the victim's PayPal credentials, according to BleepingComputer.

When a user clicks on the PayPal Buy Now button, they will be brought to a phishing page that tries to appear as a legitimate PayPal page. The only difference is that if they submit their information, instead of it being sent to PayPal.com, it is sent to http://ppyc-ve0rf.890m.com/s2[.]php, which then displays another form asking for your address and other personal information.

In the end, after filling in all the requested info, the phishing page states your account has been unlocked and redirects you to the normal PayPal login page, where you are prompted to log in.
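The tell described above, a sign-in form whose data goes somewhere other than PayPal.com, can be checked mechanically. The following Python sketch is an added example (not from the original article or from MalwareHunterTeam); the function names, host names and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

TRUSTED_DOMAIN = "paypal.com"  # the brand the page claims to be

# Constructed sample: a look-alike sign-in form that posts to another host.
SAMPLE = """<form action="http://collector.example.invalid/submit.php" method="post">
<input type="email" name="login_email"><input type="password" name="login_password">
</form>"""

class FormAudit(HTMLParser):
    """Record each <form> action and whether the form holds a password input."""
    def __init__(self):
        super().__init__()
        self.forms = []      # entries are [action, has_password]
        self._open = None    # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = [a.get("action") or "", False]
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self._open[1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def is_trusted(host, domain=TRUSTED_DOMAIN):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def suspicious_form_targets(html, page_url):
    """Return the URLs that password forms submit to outside the trusted domain."""
    parser = FormAudit()
    parser.feed(html)
    flagged = []
    for action, has_password in parser.forms:
        target = urljoin(page_url, action)  # empty or relative action resolves to the page
        parts = urlsplit(target)
        if has_password and (parts.scheme != "https" or not is_trusted(parts.hostname)):
            flagged.append(target)
    return flagged

if __name__ == "__main__":
    print(suspicious_form_targets(SAMPLE, "http://lookalike.example.invalid/login"))
```

The suffix match on `.paypal.com` is what rejects hosts such as `paypal.com.example.invalid`, which only start with the brand name.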

Keywords: MalwareHunterTeam, ransomware, Bitcoin, PayPal, PayPal account, phishing, fraud prevention
Countries: World