An Example of a PayPal Phishing Attack Found in the Wild

Image 1: Bogus phishing email example from PayPal
The Bait
The “Click to Confirm” link redirected me to a legitimate-looking PayPal homepage that mimics their current website design.

Image 2: PayPal homepage look-a-like used to conduct phishing attacks
Examining the structure of the target URL revealed a different registrable domain: edmrevistas.com, not paypal.com. The brand name only appears as a sub-domain label buried in a very long hostname:
hxxp://service.confirm.paypal.cmd.cgi-bin.2866sd4f8e554sfd4e5s23sd8ed52s3f24f7d6sf8e33ds7d3d.dsfd542426d7s3d6s.sfdef157e6d57323sde8d56s4d.f545d43146e84d5d.d39d2585274f8d8fd.5485758d27f8166.edmrevistas.com/your-account.php
Interestingly enough, some of the links on the copycat homepage point to the official PayPal website. For example, the “Buy” hyperlink points to the correct hxxps://www.paypal.com/webapps/mpp/how-paypal-works URL. By mixing in genuine links, the cybercriminal is attempting to convince unsuspecting users that the site is legitimate. Like many other phishing emails, this attack’s intention is to trick you into handing over your PayPal account details, including a credit card number.
One way to check whether there is a problem with your account is to type the paypal.com URL directly into your web browser and log in as usual. If any legitimate security messages or account alerts exist, they will be clearly visible via the PayPal messaging system. Here is another example of a PayPal phishing email:

Image 3: Another example of a PayPal phishing email
The hyperlinks in the email (image 3) all redirect to the same bogus hxxp://host25.griv.nl/WRBaAAmC/index.html URL, which is nothing more than a phishing website.
How Can You Spot Phishing Emails?
Here are five simple tips to avoid being defrauded by phishing emails:
- Check all hyperlinks within the email and verify that they point to the parent domain of the brand mentioned in the message. In this case, the hyperlinks should all be under the paypal.com domain.
- Be wary of sub-domains, such as site.paypal.com. While it is common for brands to use sub-domains for legitimate reasons, cybercriminals can also leverage them to conduct phishing attacks.
- If the email contents or the information being conveyed look suspicious, go directly to the site and log in. Information regarding pending transactions or issues with your account is typically visible in your dashboard.
- If you receive a notification at an email address not registered to PayPal, it is probably a good idea to ignore it.
- When in doubt, STOP. THINK. CONNECT.™
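The URL analysis above (finding edmrevistas.com hiding behind a long chain of paypal-flavoured sub-domain labels) and the first two tips (links must sit under the brand's parent domain; sub-domains cut both ways) are the same check. The following Python is an added example written for this page, not code from the original post or from zvelo: it extracts the registrable domain from each hyperlink, compares it with the expected brand domain, and flags hostnames that mention the brand without actually belonging to it. The `MULTI_LABEL_SUFFIXES` set is an assumption kept deliberately tiny; a real deployment would use the full Public Suffix List (for example via the `tldextract` package) instead. The sample links are the three URLs quoted on this page in their defanged `hxxp` form, plus the `site.paypal.com` example from the tips.

```python
from urllib.parse import urlsplit

# Assumption for this example: a handful of two-label public suffixes so
# that hosts like example.co.uk are not reduced to "co.uk". Production code
# should consult the full Public Suffix List rather than this stub.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}


def refang(url: str) -> str:
    """Turn the defanged notation used on the page (hxxp, [.]) back into a parseable URL."""
    return url.replace("hxxp", "http", 1).replace("[.]", ".")


def registrable_domain(url: str) -> str:
    """Return the owner-controlled part of the hostname (e.g. 'edmrevistas.com').

    Everything to the left of it is a sub-domain label the owner can set to
    anything, including another company's brand name.
    """
    host = (urlsplit(refang(url)).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    if len(labels) < 2:
        return host
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def link_matches_brand(url: str, brand_domain: str) -> bool:
    """True when the link really lives under the brand's parent domain (sub-domains allowed)."""
    return registrable_domain(url) == brand_domain.lower()


def brand_in_subdomain_only(url: str, brand_name: str, brand_domain: str) -> bool:
    """True when the brand name appears in the hostname but the link is NOT under the brand's domain.

    This is the pattern seen in the first phishing URL on the page: 'paypal'
    is present as a label, but the registrable domain is edmrevistas.com.
    """
    host = (urlsplit(refang(url)).hostname or "").lower()
    return brand_name.lower() in host and not link_matches_brand(url, brand_domain)


def audit_links(urls, brand_name: str, brand_domain: str):
    """Classify each link as 'legitimate', 'brand-impersonation' or 'off-brand'."""
    results = {}
    for url in urls:
        if link_matches_brand(url, brand_domain):
            results[url] = "legitimate"
        elif brand_in_subdomain_only(url, brand_name, brand_domain):
            results[url] = "brand-impersonation"
        else:
            results[url] = "off-brand"
    return results


# Constructed sample: the URLs quoted on this page, kept in defanged form.
SAMPLE_LINKS = [
    "hxxp://service.confirm.paypal.cmd.cgi-bin.2866sd4f8e554sfd4e5s23sd8ed52s3f24f7d6sf8e33ds7d3d."
    "dsfd542426d7s3d6s.sfdef157e6d57323sde8d56s4d.f545d43146e84d5d.d39d2585274f8d8fd."
    "5485758d27f8166.edmrevistas.com/your-account.php",
    "hxxps://www.paypal.com/webapps/mpp/how-paypal-works",
    "hxxp://host25.griv.nl/WRBaAAmC/index.html",
    "hxxps://site.paypal.com/",
]

if __name__ == "__main__":
    for link, verdict in audit_links(SAMPLE_LINKS, "paypal", "paypal.com").items():
        print(f"{verdict:20} {registrable_domain(link):20} {link[:60]}")
```

Run as a script it prints one line per link with the verdict and the registrable domain, which makes the point of the post visible at a glance: the long "paypal" hostname reduces to edmrevistas.com, the “Buy” link reduces to paypal.com, and host25.griv.nl never mentioned the brand at all. The check is a heuristic, not a verdict on the site itself, which is why the closing tip about confirming the domain still applies.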
Always check the URL to verify the domain, SSL, and more… Alternatively, try the zveloLIVE tool to check for malicious status.