From Login Details to Financial Information, the New PayPal Phishing Campaign Steals it All!

A phishing campaign targeting PayPal users was discovered recently by ESET researchers. The victims receive an email that appears to be an alert about “unusual activity”, but users who follow its instructions end up handing all of their account credentials and even financial details to the phishers!

To trick the victims into believing that the email is genuine, the attackers state in it that the user’s account access will remain limited for their protection until they “verify their identity” by clicking on the embedded link.

Once the link is clicked, the victims are taken to the phisher’s site, which is built to look like the actual PayPal landing page. The users are then asked to enter a CAPTCHA code to verify their “informations”.

According to the ESET researchers, the fabricated urgency factor, poor English, CAPTCHA, cut-off letters and most importantly, the weird URL should make the users suspicious about the whole thing.

After the CAPTCHA code is entered, users are directed to numerous fake login pages where they are prompted to enter their usernames and passwords. You might think that the phishing process would end here since the login details have been compromised, but there’s more to this campaign!

The phishing spam email bait

Next, targets land on a page that assures them their accounts will be fully restored, provided that they update their information. The victims are required to submit their complete billing addresses as well as credit card and debit card details. To check that they have acquired the right details, the attackers then ask the victims to “verify” their cards by supplying their account numbers, the security code on the back of the card and their mothers’ maiden names.

Finally, the victims are asked to provide the password associated with their email accounts. After that, users are directed to a page that congratulates them on successfully protecting their accounts and tells them that “accounts will be verified in the next 24 hours.”

The campaign uses various phishing domains whose names look quite similar to that of the actual PayPal website. Moreover, all of the sites display a green padlock, signifying that they are delivered over HTTPS-secured connections. The padlock only shows that the connection is encrypted, not that the site belongs to PayPal, but it still wins the trust of victims.

According to ESET, no evidence has been found yet supporting the claim that the phishing campaign in question causes the installation of malicious software on the victims’ devices.


To stay safe, the researchers recommend that everyone check the URL of any website they land on after clicking a link embedded in an email. Users should also avoid clicking links and opening attachments they find in their inbox.

The recommended approach is to enter the site address manually in the web browser. Better yet, users can rely on a bookmark they created in the past to stay away from scam sites.
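
The URL check described above can also be applied automatically, for example when triaging reported emails. The following Python is an added example, not code from ESET or PayPal; the allowlist, the digit-substitution map and the sample URLs are assumptions constructed for illustration. It ignores the scheme on purpose, since HTTPS alone says nothing about who runs a site.

```python
from urllib.parse import urlsplit

# Assumption: the only domain treated as genuine here; extend for your own allowlist.
TRUSTED_DOMAINS = {"paypal.com"}
BRAND = "paypal"
# Digit-for-letter swaps commonly used in look-alike names (assumed map).
CONFUSABLES = str.maketrans("0135", "oles")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' based on the host alone."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Genuine only if the host IS a trusted domain or a subdomain of one.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # Otherwise look for the brand name, or a near miss, in any label of the host.
    for label in host.translate(CONFUSABLES).split("."):
        for piece in label.split("-") + [label.replace("-", "")]:
            if BRAND in piece or edit_distance(piece, BRAND) <= 1:
                return "lookalike"
    return "unrelated"


# Constructed sample links; none are taken from the campaign.
SAMPLE_URLS = [
    "https://www.paypal.com/signin",
    "https://paypal.com.account-review.example/login",
    "https://paypa1-secure.example/",
    "https://pay-pal.example/verify",
    "https://example.org/docs",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"{classify_link(url):10} {url}")
```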

PayPal also teaches its users how to spot phishing emails. Users can find PayPal’s helpful recommendations in its Help Center. In general, users are asked to avoid clicking embedded links, replying to emails with impersonal greetings or those conveying a false sense of urgency, and opening unknown attachments.

If you are a PayPal customer who has received a phishing email appearing to be from PayPal, you are advised to report it to spoof@paypal.com and delete it at your earliest convenience.

Photo: S3Studio/Getty Images
