Friday, January 22, 07:19
PayPal: Phishing emails promise account protection but steal data

A new phishing campaign is under way, this time targeting PayPal users. Hackers send phishing emails that pose as warnings about "unusual activity" and inform users of suspicious connections from unknown devices.

ESET researchers, however, found that the phishers deceive users into handing over important data and the credentials they use for the payment service.

The attackers place a malicious link in the email and try to convince users to open it. From there they steal user data. To do so, they try to scare the victims as much as possible so that they act immediately without thinking. That is why victims are told that their accounts cannot be used until user authentication is confirmed. To confirm, users need to open the link in the email.

"Please log in to your PayPal account and complete the steps to confirm your identity. To protect your account, it will remain closed until you complete the necessary steps," says the phishing email.

"The security of your PayPal account is a top priority for us and we want to work together to protect it."

Authentication process

After the victim opens the phishing PayPal page, the phishers remind them again that unauthorized access to the account should be prevented. For this reason, the victim is required to confirm "information" by entering a CAPTCHA code that appears on the page.

According to ESET researchers, there are several signs that help users understand that this is fraud. First, there is the sense of urgency, often associated with phishing campaigns, as hackers do not want to leave victims much room to think. Other signs are the strange URL, the incorrect use of the English language and the use of a CAPTCHA.

The victims are then redirected to fake login pages that collect PayPal usernames and passwords.

Once logged in, victims see a page asking them to verify their accounts by updating their information. They are told that this way they will be able to fully restore their accounts.

In the next steps, victims are asked to fill in their billing addresses (including their name, phone number, and date of birth). They also enter credit and debit card details so that they don't have to do this the next time they use PayPal.

To be sure, the attackers ask victims to confirm their credit and debit card information by entering their account numbers, the security code on the back of the card and their mother's name.

In the last step, the victim is also asked to provide their email password.

After all this is done, hackers send a message to the victims and congratulate them on successfully restoring their account.

According to the researchers, the attackers used many phishing domains with names that resembled the official PayPal site.

All phishing sites were delivered over secure HTTPS connections, with the characteristic padlock, which increases user confidence and gives a sense of legitimacy.
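A mail filter or awareness tool can check the two points above mechanically: whether a link's host really belongs to the brand, regardless of the padlock. The following is an added example, not code from ESET or the original article; the sample URLs are constructed, and treating `paypal.com` as the only genuine domain is an assumption of this sketch.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

BRAND = "paypal"
OFFICIAL = "paypal.com"  # assumption: the only domain this sketch treats as genuine


def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for the URL's host."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    # The scheme is ignored on purpose: HTTPS only encrypts the connection,
    # it says nothing about who owns the site.
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    # Undo common disguises: digit-for-letter swaps and inserted hyphens.
    folded = host.translate(str.maketrans("10", "lo")).replace("-", "")
    if BRAND in folded:
        return "lookalike"  # brand name embedded in a foreign domain
    for label in folded.split("."):
        # Near-miss spellings such as a single swapped character.
        if SequenceMatcher(None, label, BRAND).ratio() >= 0.8:
            return "lookalike"
    return "unrelated"


# Constructed sample links (reserved .example names, not real campaign domains).
SAMPLES = [
    "https://www.paypal.com/signin",
    "https://paypal.com.account-verify.example/login",
    "https://paypa1-secure.example/",
    "https://paypai.example/",
    "https://example.org/",
]


def report() -> dict:
    """Classify every sample link."""
    return {url: classify(url) for url in SAMPLES}


if __name__ == "__main__":
    for url, verdict in report().items():
        print(f"{verdict:10} {url}")
```
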

"It is worth noting that we have not found any evidence that this campaign results in the installation of malware on the victims' machines," ESET added.

How to avoid phishing attacks?

  • Do not open links from emails from unknown senders.
  • If you open a link, check the site URL. Enter the URL of the site manually in the browser.

PayPal also provides some tips about spotting phishing emails on its Help Center site and stresses that users should not reply to such emails, click on embedded links or download and open attachments.

PayPal provides some tips to help you spot phishing emails more easily:

  • Impersonal, general greetings are used, such as "Dear user" or "Dear [email address]"
  • They ask you to click on links
  • They contain unknown attachments
  • They create a sense of urgency
  • They are presented as warnings on serious issues

If someone has received a strange email that appears to come from PayPal, they should report it as soon as possible and delete it from their Inbox.



Absent Mia