A new PayPal phishing campaign takes a novel but direct approach to
fraud: in grammatically clean messages, it asks users to provide Social
Security numbers and PINs, passport and driver’s license data, and even to
upload photos of official documents to prove they’re telling the truth.
Most phishing campaigns follow the same recipe, with bad
actors looking to convince users to share sensitive information, normally consisting
of banking data. But this latest PayPal phishing campaign goes further and aims
to convince people to upload photos and share other information such as their Social
Security number.
Jan Kopriva from tech company ALEF NULA shared
the red flags that people should be watching for in this campaign. Besides the
fact that neither PayPal nor any other company requires users to submit
sensitive banking information online, the source of the email is the first
issue, as it comes from the “ovh.com” domain.
The email says your PayPal account has been locked
following an unauthorized login from a new device or browser. A button with the
text “Secure and update my account now” is listed at the bottom of the email.
Unlike many other phishing scams, this one lacks grammar errors.
When users click on the button, they’re sent to a page
that looks very much like it belongs to PayPal, but it doesn’t. The real
destination is hidden behind a bit.ly short link, which redirects to
hxxps://nadhirotultaqwa[.]com/usrah/redirect[.]php
Users are even required to provide their Social Security
number and their ATM or debit card PIN. To complete the scheme, users are asked
to upload photos of the actual documents, including the credit card, passport,
driver’s license, and government-issued photo ID.
No financial institution, private or governmental, will
ever ask users to submit financial details, let alone copies of documents. The
good news is that if you keep your Internet browser up to date and use a security
solution, you will be able to spot these types of phishing schemes with
ease.
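
The two email-level red flags described above (PayPal branding on a message sent from the “ovh.com” domain, and a link hidden behind a bit.ly short link) can also be checked mechanically. The following is an added example, not part of the original article or of Kopriva's analysis; the sample message, its sender local part, the short-link path, and the domain lists are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list of legitimate sending domains per brand, and a small
# assumed list of link shorteners; extend both for real use.
BRAND_DOMAINS = {"paypal": {"paypal.com"}}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

# Constructed sample modelled on the article: PayPal display name, ovh.com
# sender domain, bit.ly link. Local part and link path are placeholders.
SAMPLE = """\
From: PayPal <service@ovh.com>
To: user@example.com
Subject: Your account has been locked

Secure and update my account now: https://bit.ly/EXAMPLE
"""

def host_in(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def red_flags(raw):
    """Return a list of red-flag strings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    flags = []
    # Flag 1: display name claims a brand the sender domain does not belong to.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower() and not host_in(sender_domain, domains):
            flags.append(f"sender-mismatch:{brand}:{sender_domain}")
    # Flag 2: body links that hide their destination behind a shortener.
    # decode=True undoes base64/quoted-printable so encoded bodies are covered.
    body = "\n".join(
        (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for part in msg.walk() if not part.is_multipart()
    )
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname or ""
        if host_in(host, SHORTENERS):
            flags.append(f"shortened-link:{host}")
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

A mismatch alone does not prove fraud, since brands do send through third-party mail services, so treat the flags as triage signals rather than verdicts.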