PayPal users’ accounts are under threat from a new phishing campaign that attempt to steal potential victims’ login credentials…
PayPal users are again being targeted by a new email phishing fraud. As with many of these types of schemes, the perpetrators are using a combination of technologies to fool PayPal account holders into giving away their personal information. Once those details are stolen, the cyber-criminals can not only access victims’ accounts, but also commit other frauds, such as identity theft.
New PayPal Phishing Scam Campaign Targets Users’ Accounts
This latest PayPal phishing scam campaign is somewhat complex, though it’s definitely not without its telltale flaws. First, the attackers create a fake but realistic-looking PayPal website with Glitch (a low-code software package). Then, the thieves use GoDaddy to obtain a secureserver.net domain. Once setup, the cyber-criminals begin distributing fraudulent email messages to potential victims.
Of course, the bogus emails prompt account holders to update their information by logging in to the fake website (that looks a lot like the real PayPal website). Although the fake email contains some typos and there are a few imperfections with the bogus website, it’s enough to convince anyone who isn’t paying close attention, and that’s precisely what the attackers are counting on happening. Those who are fooled give up their phone number, email address, and PayPal password.