Aggressive Phishing Campaign Strikes PayPal Users to Steal Identities

Just last month there was a rash of attacks that propagated a phishing campaign that targeted Gmail users to gain access to their Google account and pilfer personal data. Now, there appears to be an attack on PayPal users through an aggressive phishing campaign spreading through emails that pretend to be from PayPal.

PayPal is a Prime Target for Phishing Campaigns

PayPal, as many of us know, is a widely popular online payment system that supports online money transactions and services as an alternative to traditional money transfer methods. According to Statista, there are over 197 million active PayPal accounts around the world comprising of personal and business use.

With so many people using PayPal, it is no wonder that hackers have taken the effort to target and attack PayPal users with a phishing campaign in the recent weeks. The particular PayPal phishing campaign is one that is first spread through emails that are specially designed to look like ones sent from PayPal inquiring about one's PayPal balance explaining how there is a problem. The email even goes as far as to provide a login button at the bottom, which is perceived as a quick method for the computer user to access their PayPal account and allegedly resolve the issue at hand. The email button and embedded link, when clicked on, redirects a potential victim's web browser to a website that closely mimics a legitimate PayPal login page where they unknowingly give up their login credentials to the hackers behind the scheme.

PayPal Phishing Campaign Emails Custom Tailored to Foil Computer Users

Computer security researchers at ESET were able to uncover the details of the PayPal phishing emails, which use many convincing features to trick unsuspecting computer users. Though, the PayPal phishing emails are not absent of grammar and syntax errors, which gives an indication that the author of the phishing attack is not fluent in the English language.

While some computer users who initially fall for the PayPal phishing attack think that they are on the way to resolving an alleged problem with their account, scammers are on the other end of the phishing site ready to collect their PayPal username and password.

One of the more interesting aspects of the PayPal phishing attack is that the perpetrators behind the scam take their scheme a step further than the traditional phishing campaign. Once login credentials are entered on the phishing site, the page returns with a verification screen that asks for additional personal information, such as the computer user's address, phone number, social security number, date of birth, and even their mother's maiden name.

Those who fall victim to the more aggressive aspects of the PayPal phishing attack may arm hackers with enough personal details that it creates a likely case for identity theft. Furthermore, victimized computer users may not know the ramifications of their actions until it's too late and they get a notification in the mail that they own thousands of dollars on something they didn't purchase.

PayPal has long been aware of the many phishing scams circulating on the Internet and they continue that those who discover phishing scams or spam emails that exploit PayPal in any way to report them to the spoof@paypal.com email address. For now, computer users are urged to avoid clicking on any links within emails that appear to have come from PayPal. It's best that users manually open a new browser window or tab to navigate directly to the PayPal.com site.