Cybercriminals Impersonating PayPal to Steal Login Credentials
Cybercriminals are once again phishing PayPal customers in an attempt to steal their login credentials. The ultimate goal is to gain access to a user’s PayPal account and, through it, to sensitive data, including banking information that is saved in the profile.
In this PayPal phishing scam, victims are sent an email that informs them that their PayPal account is “limited.” A brief explanation says that this is because of an outdated profile. The victim is instructed to log in to their PayPal account to remove the limitation.
“Because PayPal accounts are linked to credit cards and bank accounts, PayPal itself is a commonly impersonated brand from attackers hoping to steal that information from unsuspecting victims,” says the report on Abnormal Security.
The phishing email appears to be sent from firstname.lastname@example.org. However, it is really sent from dion[.]ne.jp. This domain name and email address are not connected to PayPal in any way.
The phishing email message contains a link which attempts to trick the reader into thinking it takes them to a PayPal login page where they can update their profile and remove the limitation. However, the link is cloaked to hide a spoofed website which is not the legitimate PayPal website.
The spoofed PayPal login page impersonates PayPal – it looks the same. However, the domain name arferdimpex[.]biz is obviously not associated with PayPal.
When the reader is tricked and clicks on the link in the phishing email, they are directed to a credential harvesting website. The website impersonates the real PayPal website. It prompts the victim to enter their PayPal login credentials, including their password. If the victim enters their PayPal login, it is sent to the cybercriminals and the PayPal account is compromised.
How to Avoid This PayPal Phishing Scam
- Always scrutinize any email sender’s email address – especially when the email is asking you to click on a link or download an attachment
- Never click on a link in any email (even if you think it is legitimate) to access an online account
- Go directly to the vendor’s website instead
- Beware of any email that urges you to act quickly. Scammers typically strike fear into victims by telling them their account has been locked, their password needs to be reset, or that there has been suspicious activity on their account
- When in doubt, call the email sender to confirm who sent the email