Scammers are pushing out fake PayPal emails that use the premise of an unverified transaction to phish for customers’ personal and financial information.
The attack emails lure in users with subject lines stating how PayPal couldn’t verify their transactions or complete their most recent payments. Here’s one example:
We couldn’t verify your recent transaction
We just wanted to confirm that you’ve changed your password. If you didn’t make this change, please check information in here. It’s important that you let us know because it helps us prevent unauthorised persons from accessing the PayPal network and your account information.
We’ve noticed some changes to your unsual selling activities and will need some more information about your recent sales.
Verify Information Now
Thank you for your understanding and cooperation. If you need further assistance, please click Contact at the bottom of any PayPal page.
Clicking on the “Verify Information Now” redirects the user to myaccounts-webapps-verify-updated-informations(dot)epauypal(dot)com/myaccount/e6abe. This fake landing page in turn attempts to direct them to a resolution center. There, they’re prompted to resolve the issue by providing “a little more information about [their] account transactions.”
A little more information? Try the user’s name, address, phone number, mother’s maiden name, date of birth, and credit card information.
Christopher Boyd, lead malware intelligence analyst at Malwarebytes, explains the damage that submitting such data into the fake form can cause to users:
Sadly, anyone submitting their information to this scam will have more to worry about than a fictional declined payment, and may well wander into the land of multiple actual not-declined-at-all payments instead. With a tactic such as the above, scammers are onto (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/latest-security-news/scammers-disseminating-unverified-paypal-transaction-phishing-emails/