An independent guest blogger wrote this blog.
Going a step further
The new scam, discovered by researchers at ESET, sends PayPal users an email stating that their account has experienced ‘unusual activity.’ The email then asks users to take specific steps to protect their security. Once users click through, they are directed to a phishing page on which they are asked to provide various details and to verify their account by supplying data such as their home address and banking details. Once they have provided the requested data, they are told that their account is now secure/restored.
Signs of scamming
The scam highlights the importance of knowing basic cybersecurity practice. This includes being immediately suspicious of any email that leads users to a different URL, and being wary of anything that looks off, including misspelled words and odd-looking padlocks. One trend that was prevalent this year involved the use of a fake security certificate and a green padlock. Users should be aware of this and other new tricks by staying up to date on new cybersecurity risks, and by staying vigilant about suspicious requests for information, addresses, links, and changes in page appearance.
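The link checks described above can be automated when triaging a reported email. The following Python is an added example, not code from the original post or from the researchers it cites; the trusted-domain list, the reason labels and the sample email body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = ("paypal.com",)  # assumption: the only domain treated as genuine
SAMPLE = (  # constructed email body, not taken from a real campaign
    '<a href="https://www.paypal.com/signin">Log in</a>'
    '<a href="https://paypal.com.account-verify.example/x">https://www.paypal.com/signin</a>'
    '<a href="https://xn--constructed-label.example/login">Restore account</a>')

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False  # links: [href, visible text]
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def host_of(value):
    """Hostname of a URL or bare 'www.site.tld/path' string, else ''."""
    value = value.strip()
    if " " in value or "." not in value:
        return ""
    try:
        return (urlsplit(value if "://" in value else "//" + value).hostname or "").lower()
    except ValueError:
        return ""

def is_trusted(host):  # exact match or real subdomain only
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def suspicious_links(html_body):
    """(host, reasons) per web link leaving TRUSTED; HTTPS alone earns no trust."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host = host_of(href)
        if not href.lower().startswith(("http://", "https://")) or is_trusted(host):
            continue
        checks = {"text-shows-trusted-url": is_trusted(host_of(text)),
                  "brand-in-host": any(d.split(".")[0] in host for d in TRUSTED),
                  "punycode-host": any(p.startswith("xn--") for p in host.split("."))}
        findings.append((host, ["off-domain"] + [k for k, hit in checks.items() if hit]))
    return findings
```

Calling `suspicious_links(SAMPLE)` passes the genuine sign-in link and flags the other two, even though both use HTTPS and would show a padlock.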
A new PayPal threat from 16Shop phishing gang
If you are aware of current phishing threats, then the name 16Shop Phishing Gang will not be new to you. This gang, whose operators are believed to be located in Southeast Asia, is specifically targeting PayPal, according to researchers at the ZeroFOX Alpha Team. The group distributes a phishing kit which aims to obtain as much information as possible from PayPal users. The kit works by sending a POST request to a C2 server, with a password, domain and path. The information illicitly taken is then sent via SMTP to the inbox of the controller. The information can then be used to build phishing pages in a number of different languages – including English and Spanish.
The researchers managed to view traffic between the phishing kit and the command and control server. They found that the system was so easy to navigate that even amateurs could use it without a hitch. They added that the kit was slick and sophisticated, with features such as real-time updating of data. They also found that the kit makers use various anti-bot and anti-indexing features to block the automated crawlers used by cybersecurity companies. Thus, the kit allows its users to evade detection in many cases.
Recent phishing scams have been targeting PayPal – one of the world’s most widely used payment sites. Scammers aim to obtain not only login details but also credit card details, which has the potential to cause much larger losses. Users need to be aware of emails such as those reporting suspicious activity. Security teams, too, need to find innovative ways to detect anti-indexing and other features that can allow phishing scammers free rein on the internet. Finally, companies relying on PayPal for payment methods need to find ways to protect their customers and their own accounts, making an effort to boost employee awareness and security.