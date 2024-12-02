Moreover, users are tricked into giving away also their PayPal credentials and payment card details. During a four-step process, the attack asks for the user’s address, payment card data, and a picture of the user holding his ID card. Brought to Bleeping’s attention by security researchers from PhishMe, the fraudster behind this operation relies on spam emails to drive users toward a PayPal phishing page hosted on a compromised WordPress site from New Zealand.

This manoeuvre of asking a user for a selfie while holding his ID card has been in October 2016, when McAfee discovered a version of the Acecard Android banking trojan that was also asking users to take a selfie holding their ID card when logging into their mobile banking accounts.

At the time of writing, the phishing page had been removed, the online publication continues.