PayPal users suffer another phishing scam

Another scary phishing scam has been uncovered, this one aimed at PayPal users, which makes it extra scary.  Since paypal.com is probably the most common method of making and receiving payments online, it’s a sort of gold mine for the extremely sophisticated phishers behind the current scam.

According to M86 security lab researcher  Rondel Mendrez, who first identified the scam, the attacks use a malicious website stored locally as opposed to redirecting users to a well-disguised fake site.  It comes as an unsolicited e-mail with an HTML attachment.  Using the HTML file allows them to bypass most security software and avoid detection.

Since no warning is given, users assume they have accessed a safe site, and enter the required information including names and account numbers, where it is collected and sent to a compromised web server.   From there it can be used to access bank accounts and credit cards, and/or sold to other ‘underground’ internet scammers.

One red flag every user should be aware of is the lack of a specific name on the e-mail.  If it is just addressed to ‘member’ or ‘account holder’ and not with the full name used on the card or account, it’s almost certainly not legitimate.

One example of this is an e-mail with a forged logo, in this case PayPal, which warns the user that his or her account is temporarily restricted because of attempted use with unknown passwords. To “clear up the problem” the user is instructed to verify personal information, etc.  Users are warned not to open such an e-mail and to contact the company directly via its home website.