Australian PayPal Users Targeted by Phishers with Fake eBay Payments

Sophos experts provide some simple advice on how not to end up a victim this Christmas

  Fake PayPal notification
With the holidays right around the corner, cybercriminals are beginning to intensify their campaigns and, it seems, they’re once again turning to a classic scheme to make a profit. They’re targeting Australian users with bogus PayPal notifications.

With the holidays right around the corner, cybercriminals are beginning to intensify their campaigns and, it seems, they’re once again turning to a classic scheme to make a profit. They’re targeting Australian users with bogus PayPal notifications.

It all starts with a cleverly designed email that informs recipients about a payment made to eBay. The amount of money paid out is not large, but since the purchased product’s description is missing, it’s likely that potential victims will rush to cancel the payment.

The attackers have placed a “Press here to cancel this payment” link at the bottom of the email, hoping that users will click on it without giving it too much thought.

Those who fall for it are not taken to the legitimate PayPal site, but to a replica where they’re asked to provide their email address and password.

As experts from Sophos highlight, it’s easy to tell that this is a scam because the URL of the website isn’t paypal.com as it should be. Also, the connection is http, instead of the secure https.

Another noteworthy thing is that the website which hosts the malicious webpage hasn’t been specially set up for this purpose. Instead, the cybercrooks compromised an insecure server which they most likely identified by utilizing automated tools.

In order to avoid becoming victims this Christmas season, experts advise you to be careful what you click on, and never rely on login links that arrive via email. Also, be cautious when providing your password.

Finally, website owners are advised to secure their servers before putting them online, since it takes cybercriminals just a few seconds to compromise them and use them for their own malicious purposes.

Comments