PayPal Scam Found on Twitter as a Promoted Tweet

Posing as a lucky draw, a PayPal scam offered users a chance of winning money through their PayPal account by posting a link that required login credentials to verify their account. There were no listed prizes, but the tweet posted by @PayPalChristm included pictures of a car and an iPhone. Hints that pointed to a scam included PayPal being spelled as “PayPall,” pictures in the tweet that were not part of PayPal’s branding, and a landing page that did not include HTTPS or a URL, although it looked like a real PayPal site. A journalist entered fake login information, which was sent to a page separate from the original link. Once the site was reached, it asked for confirmation of debit and credit card holders’ names and numbers, along with the additional information necessary to access the account. It is clear that PayPal accounts were not the only target of the scam; financial information was being targeted as well.

Analyst Notes

Users should look for clues that can help them determine whether a tweet is legitimate, such as spelling mistakes, faulty images, and misguided links. If something seems too good to be true, it probably is. If financial information is asked for, users should always be cautious about why it is being requested and to whom they are giving it.