Researchers from the Cofense Phishing Defense Center (PDC) have detailed a complex phishing tactic aimed at stealing PayPal credentials. It starts with an email that would only raise a red flag if the sender field were checked. The email asks to initiate a chat with the targeted user regarding an account issue, and the body of the email looks quite legitimate. However, hovering over the “Confirm Your Account” area reveals that the link leads not to PayPal but to direct[.]lc[.]chat, a detail that could still trick a lot of people. If a chat is initiated with a potential victim, automated scripts attempt to acquire some basic information such as physical address, email address, and phone number. If this is successful, the threat actors will then try to get the user's payment information and then verify their information through email or by calling their phone number.
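The two tells described above, a sender field that does not belong to PayPal and a “Confirm Your Account” link whose target is not a PayPal host, can be checked mechanically at a mail gateway or in a triage script. The following is an added example, not code from Cofense or from the original article; the trusted-domain list, the function names and the sample message (with its `mailer.example` and `chat.example` hosts) are assumptions constructed for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains treated as PayPal-owned for this example.
TRUSTED_SUFFIXES = ("paypal.com",)
BRAND = "paypal"

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None

def is_trusted(host):
    """Exact match or true subdomain only, so 'evilpaypal.com' fails."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def audit_email(from_header, html_body):
    """Return findings for a message that presents itself as PayPal."""
    findings = []
    if BRAND not in html_body.lower():
        return findings  # message does not claim the brand
    sender_host = parseaddr(from_header)[1].rsplit("@", 1)[-1].lower()
    if not is_trusted(sender_host):
        findings.append(("sender", sender_host))
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        host = urlsplit(href).hostname  # what hovering would reveal
        if host and not is_trusted(host):
            findings.append(("link", text, host))
    return findings

# Constructed sample message (not taken from the campaign).
SAMPLE_FROM = "Service <notice@mailer.example>"
SAMPLE_HTML = """<p>PayPal: there is an issue with your account.</p>
<a href="https://chat.example/start"><b>Confirm Your Account</b></a>
<a href="https://www.paypal.com/help">Help</a>"""
```
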