Unique Phishing Scam for PayPal Credentials

Unique Phishing Scam for PayPal Credentials

Credential phishing scams are not new in the cyber-attack landscape. The threat actors regularly come up with innovative techniques and ideas for conducting such scams, which are better in luring victims into giving off their sensitive information and credentials. An exceptional case of credential scam was discovered in which the threat actors targeted PayPal.

The Attack-

This attack is initiated with a phishing email, which looks almost like a legitimate email from PayPal and it requests the user to start a live chat for a notice related to the service. The email is made to look legitimate by making it very sophisticated. The email is also added with links that are usually found in legitimate emails. Though the actors made the email very close to the original, they did not make any effort toward hiding the “from” address. This address was a different email id which had no relation with the email of PayPal.

If the user clicks on the link provided in the mail which claims to open a live chat, a fake live chat opens and the attackers use automated scripts which conduct a conversation with the victims. During this conversation, the attackers attempt to steal various sensitive information such as the email id of the user, phone numbers, and also credit card information.

The X factor-

The credential phishing scams do stop at the conventional methods phone calls, emails or SMS. They can be in any form such as fake login or sign-up pages, forms, etc. They are made to look so legitimate that only after checking features such as headers and the provided links, they can be differentiated as malicious.

Conclusion-

Employees of an organization should be given the proper training in the ways of preventing such attacks. Users should look for the header and try and identify fake links to avoid being a victim of email scams. It is really a dangerous issue that the attackers are able to bypass the email gateways which have a lot of security. It is on the individual that they try and keep themselves safe from such attacks.

By IEMA IEMLabs

IEMLabs is an ISO 27001:2013 and ISO 9001:2015 certified company, we are also a proud member of EC Council, NASSCOM, Data Security Council of India (DSCI), Indian Chamber of Commerce (ICC), U.S. Chamber of Commerce, and Confederation of Indian Industry (CII). The company was established in 2016 with a vision in mind to provide Cyber Security to the digital world and make them Hack Proof. The question is why are we suddenly talking about Cyber Security and all this stuff? With the development of technology, more and more companies are shifting their business to Digital World which is resulting in the increase in Cyber Crimes.

Leave a comment

Your email address will not be published.