News

PayPal users targeted by fraudsters with phishing emails

Wednesday 6 December 2017 11:25 CET | News

Cybercriminals have been targeting with millions of PayPal users around the globe a fresh round of email attacks.

The scam was reported by Malwarebytes Labs, and the attack uses PayPal logo and the sender’s address appears to be service@paypal.com. An order number is referenced and the message claims that the would-be victim needs to click a link in order to verify the transaction.

However, the order number is fake, and the button that claims to take customers to the PayPal website actually redirects victims to epauypal.com. Once there, visitors will see forms that look fairly convincing. They ask for the kind of personal data that identity thieves are after: name, date of birth, address, mothers maiden name, and a credit card number.

Alarmingly is the fact that the site has a valid SSL certificate, so the lock icon in the user’s browser will go green to mark it “safe”. Still, according to Forbes, observant PayPal users should note a few glaring mistakes. There is the header bar, which is missing a link for help. There is no alarm bell for notifications or a gear icon that you can click to update your account settings. Victims also do not have to log in to get to these forms, which should set off alarm bells.


Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Malwarebytes Labs, cybercriminals, PayPal, phishing emails, online fraud, online security, ecommerce, sensitive data
Categories: Securing Transactions | Digital Identity, Security & Online Fraud
Countries: World
This article is part of category

Securing Transactions