Story image

Phishing scammers target PayPal in very well crafted attack, Proofpoint finds

07 Feb 17

Where there’s a will, there’s a way, and scammers are finding increasingly cunning ways to capitalise on the reach and popularity of the world’s global brands. This time PayPal is the target, according to Proofpoint.

The company recently discovered a phishing email message which looked like a benign PayPal login, but in reality it was a “very well crafted” phishing webpage. The page is available in multiple languages, which makes it seem all the more legitimate and across many different regions.

Behind the scenes, the phishing attack turned out to be complex and sophisticated, and Proofpoint says those are the real innovations.

The phishing attempts feature embedded URLs that direct users to the fake PayPal login.

Users who attempt to log in are dragged further into the phishing net, which only accepts genuine PayPal accounts. This is done using a decommissioned PayPal service that allows a person to buy a gift card from a user. The phishing attack then starts with a ‘reassuring welcome page’, Proofpoint says.

Users are then asked to confirm the credit card information. After the phishing kit validates the card, it asks users to enter security information about the card, the link to their bank account and details and identification.

After proceeding through a complete set of personal and financial information, the user then completes the scam and is directed to the genuine PayPal website.

Proofpoint says that the particular phishing kit shows how ‘crimeware as a service’ is rapidly advancing, and will become a more common technique.

Proofpoint says it has notified PayPal of the phishing campaign and the findings. 

52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
GirlBoss wins 2018 YES Emerging Alumni of the Year Award
The people have spoken – GirlBoss CEO and founder Alexia Hilbertidou has been crowned this year’s Young Enterprise Scheme (YES) Emerging Alumni of the Year.
SingleSource scores R&D grant to explore digital identity over blockchain
Callaghan Innovation has awarded a $318,000 R&D grant to Auckland-based firm SingleSource, a company that applies risk scoring to digital identity.
IDC: Standalone VR headset shipments grow 428.6% in 3Q18
The VR headset market returned to growth in 3Q18 after four consecutive quarters of decline and now makes up 97% of the combined market.
Spark Lab launches free cybersecurity tool for SMBs
Spark Lab has launched a new tool that it hopes will help New Zealand’s small businesses understand their cybersecurity risks.
Preparing for the future of work – growing big ideas from small spaces
We’ve all seen it: our offices are changing from the traditional four walls - to no walls. A need to reduce real estate costs is a key driver, as is enabling a more diverse and agile workforce.
Bluetooth-enabled traps could spell the end for NZ's pests
A Wellington conservation tech company has come up with a way of using Bluetooth to help capture pests like rats and stoats.
CERT NZ highlights rise of unauthorised access incidents
“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles."