Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Phishing

PayPal Users Targeted in Sophisticated Phishing Attack

A recently observed phishing campaign is targeting PayPal users with fake pages that are well designed and difficult to distinguish from the real ones, ESET researchers warn.

A recently observed phishing campaign is targeting PayPal users with fake pages that are well designed and difficult to distinguish from the real ones, ESET researchers warn.

The attack was observed only a couple of weeks after Gmail users were targeted in a phishing campaign that used legitimate-looking URLs capable of tricking even tech-savvy people. The attackers were even able to bypass two-factor authentication protection by accessing the compromised email accounts immediately.

The attack against PayPal users, ESET reveals, uses a very convincing bait as well, with fake websites and email messages meant to trick users into revealing their login credentials and other personal information.

The phishing emails include logos and wording that seems legitimate, yet users paying attention can immediately spot grammar and syntax errors that suggest the author isn’t a native English speaker, which is a clue that something is not right.

The email urges the user to log into their account and includes what looks like a “Log In” button, which in fact takes the victims to a landing page that presents them with a fake login screen. Because it uses an SSL certificate, the page attempts to fool users into believing it is authentic.

The domain, however, has nothing to do with PayPal sites, and are clearly scam URLs. After the user enters their information, another message with fake information is presented to them, asking for more personal details. Thus, the security researchers suggest that the attackers aren’t looking only for the victims’ money, but also after their identities.

To give a sense of urgency, the page claims that the user won’t be able to access the PayPal account until the requested information is provided. The page, however, contains more clues that something isn’t right, as it even asks for the user’s Social Security Number, which applies to US citizens only, but also asks which country the victim is from.

“If you’re concerned about PayPal security, you should log directly into PayPal.com itself and update your security settings, and if you know someone who has fallen victim, the first step should be to change their PayPal password before more damage occurs,” ESET notes.

Advertisement. Scroll to continue reading.

Users should keep in mind that attackers spend a lot of time and effort to make their phishing pages look exactly like those of real vendors. Users of well-known online services such as Gmail, PayPal, and many more are more likely to be targeted in such attacks.

To stay protected, users should avoid opening attachments or clicking on links included in unsolicited emails. When an alert appears while browsing the Internet, users should immediately check the URL in the address bar, to make sure they are on the expected website (it should be http://www․paypal․com/ or https://www․paypal․com/ when PayPal is involved).

“Since phishing becomes more of a problem when the same password is utilized across multiple sites and services, consider deploying two-factor authentication (2FA). By requiring a one-time password generated by a user’s smartphone as a second form of authentication, 2FA helps block unauthorized access,” ESET also notes.

Related: Phished Gmail Accounts Immediately Accessed by Hackers

Related: PayPal Abused in Banking Trojan Distribution Campaign

Related: Flaw Allowed Hackers to Deliver Malicious Images via PayPal

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Phishing

The easiest way for a cyber-attacker to gain access to sensitive data is by compromising an end user’s identity and credentials. Things get even...

Fraud & Identity Theft

Famed hacker Kevin Mitnick has died after a battle with pancreatic cancer.  At the time of his death, he was Chief Hacking Officer at...

Cybercrime

Enterprise users have been warned that cybercriminals may be trying to phish their credentials by luring them with fake emails that appear to be...

Phishing

The Single Most Important Part of Dealing with a Phishing Attack is Preparing for the Attack Before it Actually Happens.

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Cybercrime

A threat actor tracked as ‘Scattered Spider’ is targeting telecommunications and business process outsourcing (BPO) companies in an effort to gain access to mobile...

Nation-State

The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...