New Phishing Attack Impersonates PayPal with Threats of "Flagged" Profiles

Security researchers identified a phishing attack impersonating PayPal that allowed criminals to access people”s credentials, their PayPal account, and then their finances.
Credentials for access to financial resources will always be a target for criminals, and since PayPal is one of the largest companies of its kind, it has a bullseye painted on it. Squashing phishing campaigns before they take hold is not always possible, so informing users about possible scams is the next best thing.
Researchers from Abnormal Security detected a new campaign targeting PayPal clients with a simple message that informed them their account was limited or flagged. Once they clicked the link, they were redirected to a fake PayPal website, where attackers would trick them into entering their credentials.
“This email appears to be coming from PayPal (service@paypal.com, which is a real PayPal domain), telling recipients that their account has and limited,” said the researchers. “However, authentication fails for this message and the actual sending domain is “dion.ne.jp”, a domain that has no correspondence to PayPal.”
“If the recipient does click on the concealed link and inputs their credentials into this fake PayPal page, the attacker will have access to their PayPal account and all of the sensitive, personal information inside.”
Since PayPal can also link to credit cards and other types of information, with no other security measure in place, such as multi-factor authentication, criminals would have direct access to extremely private financial information.
As usual, an email purportedly from financial institutions should be treated with utmost care. Such organizations never ask for personal information over the Internet. If you receive similar emails, contact the organization directly to confirm the information.
Were you a victim of a data breach? Time to find out with Bitdefender”s Digital Identity Protection tool.
tags
Author
Right now
Top posts
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside
June 28, 2022
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online
June 28, 2022
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021
June 22, 2022
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data
May 24, 2022
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight
April 15, 2022
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users
April 14, 2022