
Severity
Medium
Analysis Summary
An ongoing phishing campaign is targeting PayPal customers with emails disguised as ‘unusual activity’ alerts. The emails warn of suspicious logins from unknown devices and attempt to harvest the recipients’ credentials and financial information.

After the target lands on the PayPal-branded phishing site, the phishers will again remind them that they need to prevent unauthorized access to secure their accounts, asking them to confirm their ‘informations’ by entering a CAPTCHA code displayed on the page.


Throughout the campaign, the attackers used multiple phishing domains with names designed to resemble an official PayPal site.
All the phishing sites were served over HTTPS-secured connections, so they displayed a green padlock, which increases the targets’ trust and gives the sites a semblance of legitimacy.
Impact
- Credential theft
- Financial loss
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.
- Always check that the URL of the website you land on after clicking a link in an email is the legitimate one.
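
The URL check above can be automated at a mail gateway or in triage. The following is an added example, not part of the original advisory: it judges a link by its hostname only and ignores the HTTPS scheme, since the padlock says nothing about ownership. It assumes paypal.com is the only official domain, and all sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumption for this example: paypal.com is the only official domain.
OFFICIAL_DOMAIN = "paypal.com"
BRAND = "paypal"
# Digit-for-letter swaps often seen in look-alike names (illustrative, not exhaustive).
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def classify_link(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a link found in an email."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "unrelated"  # no hostname to judge (e.g. a relative link)
    # Only the hostname decides. An https scheme (the padlock) proves nothing
    # about who owns the site, so it is deliberately not consulted.
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    # Search the whole authority (userinfo included) with separators removed
    # and digit swaps undone, so "paypa1" and "pay-pal" both match the brand.
    authority = parts.netloc.lower().translate(CONFUSABLES)
    squashed = authority.replace("-", "").replace(".", "")
    return "lookalike" if BRAND in squashed else "unrelated"


# Constructed sample links; non-official hosts use the reserved .example TLD.
SAMPLES = [
    "https://www.paypal.com/signin",
    "https://paypal.com.account-verify.example/login",
    "https://secure-paypa1.example/",
    "https://paypal.com@login.example/",
    "https://news.example/article",
]


def triage(urls):
    """Return the links that imitate the brand without being on the official domain."""
    return [u for u in urls if classify_link(u) == "lookalike"]


if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```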