New PayPal Scam Seen in the Wild - Binary Defense

Threat Watch

Threat Watch New PayPal Scam Seen in the Wild

New PayPal Scam Seen in the Wild

Recent observations by researchers have revealed a new PayPal phishing email scam that attempts to obtain data, including Social Security numbers (SSN). Potential victims receive an email that states their account has been locked. Within the email is a bit.ly link that will redirect the recipient to a phishing site. The phishing site starts by asking for PayPal credentials, but then it moves on to asking for more personal information including birthdate, SSN, and card pin. It did not stop there; some victims were asked to provide photos of their ID or credit cards. Security researcher Jan Kopriva reported the issue to PayPal, but it may take them a while to get the phishing site taken down. This news comes not even two months after a separate PayPal scam that used a valid SSL certificate to steal banking information.

ANALYST NOTES

It is advised that whenever an email message is received that contains a link to a website, it should be treated with suspicion, especially if it seems to have been sent from a financial service such as PayPal or a bank. If the website is visited, users should attempt to verify its legitimacy before any important credentials are input. In this case, users could note that the bit.ly link redirected to a website that is not hosted at the paypal.com domain or reach out to PayPal directly and ask them to verify the legitimacy of the site. It is much safer to go directly to the service’s website using the known and trusted domain name to log in, rather than following a link from an email message.

Indications of Compromise:
https://bit[.]ly/2SwO61R
https://nadhirotultaqwa[.]com/usrah/redirect.php
https://www.leemou[.]com/files/selector/

Source: https://www.tripwire.com/state-of-security/security-data-protection/new-paypal-phishing-email-scam-wants-your-social-security-number/