By KM Diaz, | June 18, 2017
New Phishing Scam Targets PayPal Users (YouTube)
A new phishing scam targets PayPal users, stealing login credentials and asks the potential victim to take a selfie while holding the card.
PhishMe, a security research firm, first discovered the fraud which is also the evolution of typical phishing scam that extends the attempt at data theft using only username and password - targeting PayPal users.
Like Us on Facebook
Similar to most phishing scams, the attack starts with an email that seems to come from PayPal. It has the details of the company's address and logo, but the content has a number of spelling and grammatical errors. There is a button at the end of the message saying "Let's Get Going." By clicking on it, the potential victim will be directed to fake a PayPal login screen which appears to be legit but the domain is not related to PayPal.
The login page steals all the user's credentials once entered, and the scam does not stop there. Another PayPal-branded page will appear following the login screen. In here, the user will be asked to verify the account by entering the billing address, complete name, as well as credit card number.
When the user surrenders all these information, they will be directed again to another verification process that asks the user to take a selfie for identity confirmation. The page has several directions on how to take a snap correctly while holding their card - to make sure that the ID and credit card are visible to the photo.
After uploading the photo, the user will be then directed to the official PayPal login screen to enter their username and password to make it seems like the validation process is legitimate
Security researchers from PhishMe advised users to be vigilant when interacting with emails especially if it contains suspicious attachments and links - like those asking to validate information.
Furthermore, users should visit the direct website rather than following the link in the email. Setting up two-step verification on PayPal is also recommended - requires additional login code to access the account - to add a layer of protection to their personal information when user's password is compromised.
-
Use of Coronavirus Pandemic Drones Raises Privacy Concerns: Drones Spread Fear, Local Officials Say
-
Coronavirus Hampers The Delivery Of Lockheed Martin F-35 Stealth Fighters For 2020
-
Instagram Speeds Up Plans to Add Account Memorialization Feature Due to COVID-19 Deaths
-
NASA: Perseverance Plans to Bring 'Mars Rock' to Earth in 2031
-
600 Dead And 3,000 In The Hospital as Iranians Believed Drinking High-Concentrations of Alcohol Can Cure The Coronavirus
-
600 Dead And 3,000 In The Hospital as Iranians Believed Drinking High-Concentrations of Alcohol Can Cure The Coronavirus
-
COVID-19: Doctors, Nurses Use Virtual Reality to Learn New Skills in Treating Coronavirus Patients