If you are a PayPal user, you will obviously be very careful about the emails you receive about your balance and whatnot. This is because there are numerous phishing campaigns targeting PayPal users and here is another new one.
The latest phishing campaign tricks the PayPal users by using fake pages that are really well done, these are hard to distinguish from the real ones. According to the ESET researchers, this latest attack uses very convincing bait and takes the user through fake web pages that look legitimate and tricks user into revealing his login credentials and other needed personal information.
The emails user receives include logos, wording that looks just fine at the first glance. But when you have a closer look at the text, you can find grammar and syntax errors and this suggests that the author is not a native English speaker.
How does it work?
These emails say you something like, PayPal needs help resolving an issue with the user account and there are some temporary limitations to your account until this problem is solved. This will urge the user to hurry up and fix the cause of the trouble. The email also includes a “log in” button at the bottom of the email. Once you click it, you are taken to the attacker’s web page.
Sure, the page might look real, but the URL is anything but, indicating that it’s all a hoax. Once there you will have to enter your login credentials which will effectively go out to the scammers. You are then presented with data to back up the “limited account” lies presented in the email.
The next page you’re taken to makes this scam even more dangerous because this is where they try to steal your identity. You have to provide phone number, your address, social security number, mother’s maiden name, date of birth and more.