PayPal Phishing for Passports and More

PayPal_LogoAn ongoing PayPal phishing campaign is trying to steal a wide range of personal information, including Social Security numbers and passport photos, Threatpost reports. The scams were discovered by Czech IT company ALEF NULA, which noted that the scam is notable for the breadth of data it requests.

The phishing messages inform the recipient that their PayPal account has been locked because a new device logged into it. The recipient is asked to log in to their account and update their info. The link in the message is a URL that redirects the user to the phishing site.

The first two pages on the phishing site are standard forms asking for users’ names, addresses, phone numbers, and payment card details. The next page asks for the user’s date of birth and Social Security number, and the final page tells them to upload a photo of their passport.

Jan Kopriva at ALEF NULA explained that this is a common strategy in modern phishing scams.

“Over the years, phishing authors seem to have learned that once they hook a phish, they should try to get all the information they can from them,” Kopriva said. “This is the reason why many current campaigns don’t stop after getting the usual credit card information, but go further.”

Kopriva also noted that the way the page is laid out might compel users to upload even more information than the attackers are after.

“What might be a bit unfortunate from the standpoint of a potential victim is that after the user uploads a file, the page is refreshed but no confirmation is displayed,” Kopriva said. “This means that a less vigilant user might upload multiple photos of documents while thinking that their previous attempts were invalid for some reason.”

This campaign can be easily avoided by someone who knows what to look for. The initial email contains numerous grammatical errors, and the URL of the phishing site doesn’t even attempt to spoof PayPal’s real address. New-school security awareness training can help your employees recognize these types of irregularities.

Threatpost has the story:

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Your Coronavirus and Work From Home Resource Center

Get the latest about social engineering

Subscribe to CyberheistNews