New PayPal phishing scam steals sensitive data

While spearphishing attacks have been grabbing most of the headlines lately, AppRiver researcher Troy Gill said the PayPal scam is instead casting a wide net to obtain sensitive data from as many people as possible.

The supposed PayPal email informs the victim their account has been placed on a ‘limited’ status with no activity allowed until certain information is confirmed. The email has an HTML attachment that directs the recipient to a page where the personal data can be input, to include name, address, mothers maiden name, payment card information, Social Security number and phone number.

Gill said the HTML page is a dead giveaway, but an unknowledgeable person might not realize PayPal would simply direct someone to their account page.

The Paypers is the Netherlands-based leading independent source of news and intelligence for professional in the global payment community.

The Paypers provides a wide range of news and analysis products aimed at keeping the ecommerce, fintech, and payment professionals informed about the latest developments in the industry.

Categories

Payments

Fraud and Fincrime

Fintech

Crypto, Web3 and CBDC

Regulations

M&A and Investments

Current themes

A2A Payments

Payment Orchestration

TradFi and DeFi Convergence

KYC, KYB and Digital Identity