perm_phone_msgConsider your business risks? Chat With US

‘Ambitious’ PayPal phishing scam seeks to steal more than login credentials – SiliconANGLE

Ransomware BCyber todayJanuary 27, 2020 66

share close

A newly discovered PayPal Inc. phishing scam is not only targeting login credentials but also personally identifiable information and payment card data.

Discovered and publicized Dec. 20 by security researchers at ESET spol s.r.o., the phishing campaign targets users with crafted emails that claim that the PayPal account belonging to a user has experienced “unusual activity.” The email then asks the target to log into the account to protect it.

Those who click on the link in the email are taken to a phishing page designed to look like the PayPal login page to enter their details, a fairly typical phishing process at this point. But then it gets a bit more interesting or, as the researchers describe it, “ambitious.”

After entering their details, users are then asked to “verify your account” by providing additional personal information. The information asked for includes billing address, credit/debit card details and email address. At the end of the process, a screen appears stating that the now phishing victims have had their PayPal account restored.

There are some giveaways during the process that all is not as it seems. For one, the URL used isn’t one related to PayPal and there are some misspellings on the various screens as well. Reflecting a trend regularly seen this year, the URL has an authentic Secure Sockets Layer certificate complete with a green padlock in an effort to convince users that it is the real deal.

“As shoppers finalize their online orders and review their purchases made ahead of the holidays, it is important to keep a close eye on their transactions as they manage their personal finances,” Matthew Gardiner, director of enterprise security at cybersecurity firm Mimecast Services Ltd., told SiliconANGLE. “Shoppers should be increasingly vigilant in monitoring their activity and be cautious of alert emails received, always checking to ensure they are from a legitimate source.”

Since PayPal offers shoppers a secure platform that avoids their having to provide their information to retailer sites, he added, it’s natural for people to assume that an alert from the service is legitimate. “However, with the hustle and bustle of the holiday season, phishers can take advantage of the busy, unaware shopper who may not be monitoring and flagging fraudulent transactions, and instead fall victim to a false alert scheme,” he said.

Since you’re here …

Show your support for our mission by our 1-click subscribe to our YouTube Channel (below) — The more subscribers we have the more then YouTube’s algorithm promotes our content to users interested in #EnterpriseTech.  Thank you.

Support Our Mission:      to our Youtube Channel

… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at  — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.

This content was originally published here.

Written by: BCyber

Rate it
Previous post

Similar posts

Ransomware BCyber / October 19, 2020

Ad-light, Malware-heavy # Chris Dzombak

Ad-light, Malware-heavy Since December 17, Forbes has been running an experiment wherein some fraction of visitors who are running ad blockers are blocked from accessing Forbes articles until they disable their ad blocker. In exchange, Forbes promises an “ad-light experience”: A Forbes article published yesterday claims that this interstitial resulted in 42.4% of visitors turning ...

Read more trending_flat