Phishing campaign to steal PayPal users’ identity

There have been countless phishing attacks on PayPal users, but of late the attack has got sophisticated with emails that look real as well as the fake website. Recently phishing attacks were targeting Gmail users and they could fool even the IT pros.

According to Eset researchers, the attack uses emails that look convincing and fake websites that look identical to the real PayPal website which tricks you into entering your login credentials and other personal information then submits to the attacker. Most often with phishing campaigns from non-native English speakers, you might notice grammar and syntax errors when you look deeper. The from email address may be spoofed or will show a different email domain which is not PayPal.

How is the phishing attack done?

You receive an email purporting to be from PayPal stating they want to resolve an issue with your account. There has been some unusual activity on your account Etc. This should make an unsuspecting victim fall for the bait and want to secure his account and safeguard his money. There is a login button at the bottom of the email.


Once you click the login button, a real-looking web-page with a fake login screen that even has an SSL certificate to suggesting it’s authentic will be opened. The domain on the URL has nothing to do with PayPal sites. This URL should be a clue that its a scam. However, the catch is you won't be suspecting its a scam. Always watch-out for this.

Once on the Login screen, you will have to enter your login credentials which will effectively go out to the scammers. You are then taken to another page asking for even more targeted information, which could aid the scammers in their attempts to steal your identity. You have to provide your address, phone number, country, mother’s maiden name, social security number, date of birth and more. What’s more is that you won’t be able to interact with PayPal until all this data has been provided, so you’re fooled into a sense of urgency to get to the end of the line.

How to protect yourself

First and foremost, do not click links in emails. Always type in the URL of the page you want to visit. With such PayPal phishing campaigns, type in paypal.com on your web browser then resolve any issues that may be have been highlighted even if you had received a legitimate email from PayPal.

You can hover your mouse on the link in the email without clicking it. At the bottom of the page the full URL should appear and should start with "http://www․paypal․com/" or "https://www․paypal․com/". You may find the URL appearing as a shortened link, don’t open it.

Passwords are the most common means of authentication and you need to choose good strong passwords which you keep confidential. For sites that offer 2-factor authentication as an extended authentication method, please make use of it. Check my other post on password security tips to help secure yourself.

It’s easy for unsuspecting people to be fooled by phishing campaigns, let this information raise awareness, should someone encounter such campaigns.
image credit: Christiaan008