Date: 2024-12-02

Targeted customers receive emails camouflaged as ‘unusual activity’ alerts warning them of suspicious logins from unknown devices, with the hidden purpose of stealing all their credentials and financial info. To make sure that the potential victims are willing to click on the link embedded within the phishing message, the attackers say that their accounts are limited until they are secured by confirming their identity.

During the phishing campaign, the victims are taken to a series of fake login pages designed to harvest their PayPal usernames and passwords. The victims are then required to verify their accounts by updating their information if they want to remove the ‘limits’ and fully restore their accounts.

In the next few steps, the victims are asked to fill out their billing addresses (including their name, phone number, and date of birth), as well as their credit and debit card data, supposedly to avoid having to fill it out again later while using PayPal.

Throughout the campaign, the attackers use multiple phishing domains with names designed to somewhat resemble an official PayPal site. All the phishing sites were served over HTTPS-secured connections, displaying a green padlock to increase the targets' trust and give the sites a semblance of legitimacy.

The researchers recommend checking the URL of the website you land on after clicking a link you were sent via email and, if possible, refrain from clicking any links or opening any attachments you received in your inbox.
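
The URL check recommended above can be automated in a mail filter or link scanner. The following is an added example, not code from the researchers: it assumes `paypal.com` and its subdomains are the only official hosts, uses constructed `.example` URLs, and deliberately ignores the scheme, since an HTTPS padlock says nothing about who runs the site.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "paypal.com"  # assumption: the only domain treated as official
BRAND = "paypal"
# Digit-for-letter swaps often seen in look-alike names (constructed, not exhaustive).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a link target."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Only the host decides; the path, the scheme and the padlock do not.
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    # Also inspect the userinfo part, which can show the brand before an '@'.
    labels = host.split(".") + ([parts.username.lower()] if parts.username else [])
    for label in labels:
        normalized = label.translate(HOMOGLYPHS)
        if BRAND in normalized:
            return "lookalike"  # brand embedded in a foreign host name
        for token in normalized.split("-"):
            if abs(len(token) - len(BRAND)) <= 1 and edit_distance(token, BRAND) <= 1:
                return "lookalike"  # one-character typo of the brand
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links; every one of them uses HTTPS.
    for sample in ("https://www.paypal.com/signin",
                   "https://paypal.com.account-verify.example/login",
                   "https://paypa1-secure.example/",
                   "https://paypol-login.example/",
                   "https://paypal.com@login.example/",
                   "https://example.org/paypal"):
        print(f"{classify_url(sample):10} {sample}")
```

The typo and homoglyph checks are heuristics and will occasionally flag benign names, so a `lookalike` result is a reason to block or review the link, not proof of phishing.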