Analysts at the Cofense Phishing Defense Center, a phishing email detection and response service, recently described a phishing campaign that impersonates PayPal in order to steal banking information, credit card data, usernames and passwords. According to Cofense, the attack is not technically sophisticated, but it does not look suspicious either: the link in the email is subtle and the fake page closely resembles the real site.
Cofense analyst Alex Geoghagan explains that the email is designed to pressure the victim into resolving the supposed problem quickly. According to him, the attacker did not even bother to disguise the sender address, which was later identified as not belonging to PayPal. “But the email was very well prepared, and nobody thinks it’s a fraud.”
The analyst also notes that the body of the email contains a “help and contact” link and, ironically, a “learn to spot phishing” link, both of which lead to genuine PayPal pages. Beyond the first clue, the sender address, hovering over the button labelled “confirm your account” reveals that it does not point to a PayPal URL at all, but to a third-party live-chat service. “The user familiar with PayPal might notice at this point that they are being taken to a domain outside the platform, while the legitimate PayPal chat is hosted inside the original domain and requires the user to log in to use it,” says Geoghagan.
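The two clues described above, a sender domain that is not PayPal's and a call-to-action button whose destination lies outside paypal.com, can be checked mechanically. The script below is an added example written for this page, not Cofense's tooling or PayPal's: it parses a raw email, reports the From: domain if it is not the brand's, and lists every anchor whose host is not paypal.com or a subdomain of it. The sample message, the .test domains in it and the paypal.com URL fragments are constructed placeholders, not URLs taken from the real campaign.

```python
"""Sender and link-destination check for a brand-impersonation email.

Added example (not Cofense's or PayPal's code). The mail below is a
constructed stand-in for the phishing message described in the article:
a non-PayPal sender, two genuine-looking brand links, and one
"Confirm your account" button that leads to an outside live-chat host.
"""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the impersonated brand's real registrable domain.
BRAND_DOMAINS = {"paypal.com"}

# Constructed sample; .test is a reserved TLD, paths/fragments are placeholders.
SAMPLE_EMAIL = """\
From: "PayPal" <service@example-notice.test>
To: victim@example.com
Subject: Your account has been limited
Content-Type: text/html; charset=utf-8

<html><body>
<p>We noticed unusual activity. Please confirm your details.</p>
<p><a href="https://chat.example-livechat.test/start?id=1">Confirm your account</a></p>
<p><a href="https://www.paypal.com/#contact">Help and Contact</a> |
<a href="https://www.paypal.com/#phishing">Learn to spot phishing</a></p>
</body></html>
"""


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, " ".join(self._text).split().__str__() and " ".join(" ".join(self._text).split())))
            self._href = None


def in_brand_domain(host, brand_domains=BRAND_DOMAINS):
    """True only for the brand domain itself or a real subdomain of it.

    'chat.paypal.com' passes; 'paypal.com.evil.test' and None do not.
    """
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in brand_domains)


def audit_message(raw, brand_domains=BRAND_DOMAINS):
    """Return a list of (kind, host, detail) findings for a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # Clue 1: the sender address is not even disguised as the brand's domain.
    addresses = msg["from"].addresses if msg["from"] else ()
    from_domain = addresses[0].domain.lower() if addresses else ""
    if not in_brand_domain(from_domain, brand_domains):
        findings.append(("sender", from_domain, str(msg["from"])))

    # Clue 2: the hover target of each link; anything off-brand is reported,
    # including hrefs with no host at all (javascript:, mailto:, relative).
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = _AnchorCollector()
        collector.feed(body.get_content())
        for href, text in collector.anchors:
            host = urlparse(href).hostname
            if not in_brand_domain(host, brand_domains):
                findings.append(("link", host, text))
    return findings


if __name__ == "__main__":
    for kind, host, detail in audit_message(SAMPLE_EMAIL):
        print(f"{kind:6} {host!s:32} {detail}")
```

The subdomain test is deliberately strict: `paypal.com.evil.test` ends with `paypal.com` as a string but not as a registrable domain, so a plain `endswith("paypal.com")` would be fooled. Run against a real mailbox export, the same function works on multipart messages because `get_body` picks the HTML part.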
Once the victim opens the fake chat, the attacker uses automated scripts to start the conversation and solicits personal details: email address, credit card information and so on. The attacker uses this information to appear genuine and keeps it for the authentication stage that follows, in which the victim’s PayPal credentials are requested. A verification code is also sent to the target via SMS, so that the exchange looks like a legitimate, authorised check of the account. Whatever the pretext, a one-time code delivered by SMS is only useful to an attacker if the victim reads it back, so a request to repeat such a code inside a chat the victim did not start on PayPal’s own site is itself a warning sign.
“This attack demonstrates the complexity of phishing attacks, which go beyond the typical ‘forms’ page or spoofed login. In this case, a carefully crafted email appears to be legitimate, which leads the victim to delve into headers and links, something that for an average PayPal user probably won’t work,” says Geoghagan.