For a few weeks now, users of PayPal, the number 1 online payment solution is affected by a phishing campaign that targets its users.
It was the cybersecurity company ESET that updated the scam, which is likely still ongoing. According to the computer security company, it all starts with an email that alerts about a problem on the user's PayPal account.
This article will also interest you: Phishing: Bank data stolen once again
In this mail, the user is informed that there are unusual movements on his account PayPal. For security reasons then, the latter will be asked to click on a link that will appear at the very bottom. The email mentions an emergency, stressing the importance of doing as soon as possible there security procedure across the line. Everything is well done to mislead the user.
If, unfortunately, the savvy user clicks on the link, he will then be automatically redirected to a website that looks very much like PayPal at the interface level. And the most amazing thing about the story is that in the address displayed at the top in the search bar, the HTTPS protocol appears, which means a connection is allowed. Even the sign of the padlock closed and also visible to make the user believe that it is beautiful and well on a totally secure site, that of PayPal. The technique is perfect and few users will not be fooled by it. Of course after all this the user will be asked to log in. It will of course enter in the bars, these login credentials including username, email address, and password.
At this point, hackers will simply collect the data provided by users who have fallen into the trap. The rest you surely guess, the user accounts that will be taken into the game, will be emptied by hackers.The technique seems perfect. In addition to account identifiers PayPal, hackers will request other personal information, including birth dates and billing numbers, credit card data, user addresses, phone numbers and even the visual cryptogram of the card used. We look at this we realize that the purpose of hackers is not only to empty the account PayPal of deluded users, but it also aims to initiate other illegal actions that can be both painful and financially damaging. One thinks in particular of identity theft, credit card fraud because, with the information they have been able to collect, they can also draw on the bank account of the victims.
If the technique seems perfect, it seems that there is a way not to be made. According to the cybersecurity firm, users should take care to most often check the email addresses used by senders when it comes to this kind of message. In most cases, not all of them, the addresses used are clearly different from the addresses used by the platform concerned. Even URLs used to deceive users often also contain certain details that differ from or differ from the original. You can simply avoid clicking on links that you will receive by email. If need be, go to your browser, enter the PayPal address and log in directly. It's safer.
Now access an unlimited number of passwords: