An ongoing PayPal phishing campaign is trying to steal a wide range of personal information, including Social Security numbers and passport photos, Threatpost reports. The scams were discovered by Czech IT company ALEF NULA, which noted that the scam is notable for the breadth of data it requests.
The phishing messages inform the recipient that their PayPal account has been locked because a new device logged into it. The recipient is asked to log in to their account and update their info. The link in the message is a Bit.ly URL that redirects the user to the phishing site.
The first two pages on the phishing site are standard forms asking for users’ names, addresses, phone numbers, and payment card details. The next page asks for the user’s date of birth and Social Security number, and the final page tells them to upload a photo of their passport.
Jan Kopriva at ALEF NULA explained that this is a common strategy in modern phishing scams.
“Over the years, phishing authors seem to have learned that once they hook a phish, they should try to get all the information they can from them,” Kopriva said. “This is the reason why many current campaigns don’t stop after getting the usual credit card information, but go further.”
Kopriva also noted that the way the page is laid out might compel users to upload even more information than the attackers are after.
“What might be a bit unfortunate from the standpoint of a potential victim is that after the user uploads a file, the page is refreshed but no confirmation is displayed,” Kopriva said. “This means that a less vigilant user might upload multiple photos of documents while thinking that their previous attempts were invalid for some reason.”
This campaign can be easily avoided by someone who knows what to look for. The initial email contains numerous grammatical errors, and the URL of the phishing site doesn’t even attempt to spoof PayPal’s real address. New-school security awareness training can help your employees recognize these types of irregularities.
Threatpost has the story: https://threatpost.com/active-paypal-phishing-scam-targets-ssns-passport-photos/152755/