Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    PayPal Scammers Want More than Just Your PayPal Credentials

    Paypal phishing - screenshot courtesy ESETResearchers at ESET have come across phishing sites that try to steal PayPal logins along with a wide range of personal and financial information. The scam begins with phishing emails purporting to come from PayPal which inform recipients that an unknown device has accessed their account. The emails appear legitimate and convey a professional sense of urgency. The user is asked to click on a link in the email to verify their identity.

    If a user clicks the link, they’ll be taken to a spoofed PayPal site that asks them to enter a CAPTCHA. The site uses HTTPS but has a suspicious-looking URL, which could tip off observant users. The CAPTCHA page also contains some oddly phrased English, asking users to “confirm their informations.” After entering the CAPTCHA, users will be asked to enter their PayPal credentials.

    At this point, the attackers can already steal a victim’s money if their account doesn’t have multi-factor authentication enabled. However, the attackers in this case assume that if the victim has come this far, it’s worth trying to squeeze more information out of them. The next several pages ask the victim to update their billing address by entering their credit/debit card details along with their name, full address, phone number, date of birth, and mother’s maiden name. Finally, the victim will be asked to enter their email password in order to link their email account to their PayPal.

    ESET notes that this scam relies solely on social engineering, so users can defend themselves if they know how to recognize suspicious emails, links, and websites.

    “Much like other threats in cyberspace, phishing attacks come in various shapes and sizes and continue to evolve,” the researchers write. “As the example shows, however, social engineering tactics remain at the heart of such scams. After all, by preying on human weaknesses, cybercriminals usually take the path of least resistance. For the victims, even a momentary lapse in judgment or a short moment of distraction can have far-reaching and deleterious consequences.”

    New-school security awareness training can enable your employees to spot social engineering tactics with realistic examples of phishing attacks. ESET has the story:

    https://www.welivesecurity.com/2019/12/20/scam-wants-more-than-paypal-logins/

     

    Return To KnowBe4 Security Blog

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    PST ResultsHere's how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry

    Go Phishing Now!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/phishing-security-test-offer

    Topics: Social Engineering, Phishing, Security Awareness Training

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews