A new PayPal phishing scam has been discovered that tries to steal an extensive amount of personal data from victims by pretending to be a PayPal security warning.

Fake PayPal Email Alerts

The emails seem to have been issued from PayPal’s Notifications Center and inform users that their account has been temporarily closed due to an attempt to log into their account from a previously unknown browser or device.

The emails feature a hyperlink that users are advised to click to log in to PayPal to verify their identity. A button is included in the email which users are told to visit a “Secure and update my account now !” link. The hyperlink is a shortened bit.ly address, that brings the victim to a spoofed PayPal page on a htacker-controlled domain using a redirect mechanism.

If the link is visited, the user is shown with a spoofed PayPal login. After entering PayPal account details, the victim is asked to enter a range of sensitive data to prove their identity as part of a PayPal Security check. The information must be provided to unlock the account, with the list of steps listed on the page along with the progress that has been made toward accessing the account.

AT first the hackers ask for the user’s full name, billing address, and phone number. Then they miust sharetheir credit/debit card details in full. The next page asks for the user’s date of birth, social security number, ATM or Debit Card PIN information, and finally the user is required to send a proof of identity document, which must be either a scan of a credit card, passport, driver’s license, or a government-issued photo Identification card.

Request for Excessive Data

This PayPal phishing campaign seeks an extensive amount of data, which should serve as an alert that all is not what it appears, especially the request to enter highly sensitive data including a Social Security number and PIN.

There are also indicators in the email that the request is not what it appears. The email is not sent from a domain linked with PayPal, the message begins with “Good Morning Customer” and not the account holder’s name, and the notice included at the bottom of the email advising the user to mark whitelist the sender if the email was sent to the spam folder is poorly composed. However, the email has been written to get the recipient to move quickly to prevent financial loss. As with other PayPal phishing campaigns, many users are likely to be tricked into sharing at least some of their personal data.

Consumers need to always be extremely careful caution and should never reply instantly to any email that warns of a security breach, instead they should stop and consider their next move prior to doing anything and carefully check the sender of the email and text. To review if there exists a genuine issue with the account, the PayPal website should be visited by viewing the proper URL into the address bar of the browser. URLs in emails should never be clicked on.

To discover more about current phishing campaigns and some of the key security measures you can put in place to enhance your protection from these campaigns, get in touch with the SpamTitan team now.