We all know that the cyber criminal community depends widely on phishing scams to attack the innocent users, that is why these attacks are not only increasing but also adding the sophisticated means to trick the users into giving their financial and personal details.
Recently, a group of security researchers at Cyren has discovered a phishing scam which is targeting the banking customers worldwide. According to researchers, the targeted platforms include online banking customers of Fargo, Chase, Capital One, Wells and online money transfer giant Venmo and PayPal.
This new phishing campaign carries same old method of tricking the users into clicking on an attachment file, but this time the attached the HTML file is embedded with the data URLs. It must be noted that last month, Gmail users were targeted with a similar phishing scam in which attackers embedded data URLs in PDF files which took users to a fake Gmail sign in page.
But, since Gmail scam has already been busted, the attackers who are heavily relying on the HTML files to phish the users. According to Cyren, this latest scam is already reaching a new heights with a 50% increase only in the month of February.
“These attacks are proving effective at evading detection by many email security systems, which typically allow HTML attachments, or are not capable of scanning their content, and therefore do not detect the telltale “data:text” URI header — as opposed to .exe attachments, which are commonly blocked,” notes the Cyren.
Also, the PayPal phishing scams are at a large where the scammers are using a highly sophisticated tricks to steal the login credentials from the users.If you have a PayPal account, it is advisable for you to log in to your account by entering the web address into your the browser’s address bar or through the official PayPal app. The PayPal website has a verified green signature as shown in the screenshot below: