Security researchers identified a phishing attack impersonating PayPal that allowed criminals to access people’s credentials, their PayPal account, and then their finances.
Credentials for access to financial resources will always be a target for criminals, and since PayPal is one of the largest companies of its kind, it has a bullseye painted on it. Squashing phishing campaigns before they take hold is not always possible, so informing users about possible scams is the next best thing.
Researchers from Abnormal Security detected a new campaign targeting PayPal clients with a simple message that informed them their account was limited or flagged. Once they clicked the link, they were redirected to a fake PayPal website, where attackers would trick them into entering their credentials.
“This email appears to be coming from PayPal (firstname.lastname@example.org, which is a real PayPal domain), telling recipients that their account has been limited,” said the researchers. “However, authentication fails for this message and the actual sending domain is ‘dion.ne.jp’, a domain that has no correspondence to PayPal.”
“If the recipient does click on the concealed link and inputs their credentials into this fake PayPal page, the attacker will have access to their PayPal account and all of the sensitive, personal information inside.”
Since PayPal can also link to credit cards and other types of information, with no other security measure in place, such as multi-factor authentication, criminals would have direct access to extremely private financial information.
As usual, any email purportedly from a financial institution should be treated with the utmost care. Such organizations never ask for personal information over the Internet. If you receive similar emails, contact the organization directly to confirm the information.
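The mismatch the researchers describe, a PayPal address in the visible From header while authentication fails and the mail actually originates from dion.ne.jp, can be checked mechanically on the receiving side. The following is an added example, not code from Abnormal Security or PayPal; the sample message, its addresses and the `check_sender` helper are constructed for illustration, and only the dion.ne.jp sending domain comes from the article.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers; only dion.ne.jp is taken from the article.
SAMPLE = """\
Return-Path: <sender@dion.ne.jp>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=dion.ne.jp;
 dkim=none; dmarc=fail header.from=paypal.com
From: PayPal <service@paypal.com>
To: user@recipient.example
Subject: Your account has been limited

Please review your account.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def aligned(a, b):
    """Simplified alignment: equal, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def check_sender(raw):
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])            # what the recipient sees
    envelope_dom = domain_of(msg["Return-Path"])  # where the mail was sent from
    # Verdicts recorded by the receiving server. Trust this header only when
    # your own mail gateway added it; a sender can forge extra copies.
    auth_text = " ".join(msg.get_all("Authentication-Results", [])).lower()
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth_text))
    findings = []
    if not aligned(from_dom, envelope_dom):
        findings.append(f"From domain {from_dom} is not aligned with sending domain {envelope_dom}")
    if auth.get("dmarc") != "pass":
        findings.append(f"dmarc={auth.get('dmarc', 'missing')}")
    if "pass" not in (auth.get("spf"), auth.get("dkim")):
        findings.append("neither SPF nor DKIM passed")
    # A misaligned envelope alone is common for legitimate bulk mail, so the
    # verdict rests on DMARC; the other findings are context for an analyst.
    return {"from": from_dom, "envelope": envelope_dom, "auth": auth,
            "suspicious": auth.get("dmarc") != "pass", "findings": findings}

if __name__ == "__main__":
    print(check_sender(SAMPLE))
```
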