The same cybercriminals have launched a Facebook-themed spam run

Sep 3, 2013 19:56 GMT

The PayPal “Identity Issue” malware campaign was first spotted by Cisco experts in April 2013. However, the malicious emails are still making the rounds.

“We are writing you this email in regards to your PayPal account. In accordance with our ‘Terms and Conditions’, article 3.2., we would like to kindly ask you to confirm your identity by completing the attached form,” the fake emails read.

They continue, “Please print this form and fill in the requested information. Once you have filled out all the information on the form please send it to [email protected] along with a personal identification document (identity card, driving license or international passport) and a proof of address submitted with our system (bank account statement or utility bill).”

The older version of the email had the malware directly attached to it. The variant spotted by security expert Conrad Longmore instead contains a link that takes victims to a legitimate website that has been hacked.

From there, the user is redirected to one of three domains set up to serve a malicious payload.

The same cybercriminals are behind another spam run that’s currently doing the rounds. The emails are made to look like Facebook notifications titled something like “Victoria Carpenter commented on your status.”

The emails simply read something like: “Hello, Victoria Carpenter commented on your status. Victoria wrote: ‘so cute;)’.”

When curious users click on the “Go to comments” link to see who this mysterious Victoria Carpenter is, they’re taken to the same malicious domain as in the case of the fake PayPal emails.

If you’re the IT administrator of an organization, it may be useful to check out Dynamoo’s Blog to see which IPs you should block to protect your networks against these particular attacks.