The phishing page is hosted on a hacked Hungarian website

Sep 30, 2013 11:17 GMT

In case you receive an email from PayPal informing you that a mobile payment has been made from your account to JD Sports, take a good look at it, as it might have nothing to do with PayPal. Cybercriminals are abusing the payment processor’s reputation in a phishing scam.

The emails are entitled “You sent a payment” and they read something like this:

“Dear customer,

You sent a mobile payment for £47.00 GBP to JD Sports Ltd. A message has been sent to the recipient asking them to accept or refuse the payment. Please note that it may take a while for this payment to appear in your Recent Activity list on your Account Overview.

View the details of this transaction online.”

According to security expert Graham Cluley, who analyzed these malicious emails, users who click on the links are taken to a PayPal phishing site.

By entering their username and password on this site, users are not logging in to their PayPal accounts. Instead, they are handing their credentials over to the cybercriminals who run the scam.

The phishing page is well designed and almost perfectly replicates the genuine PayPal website. However, it is not hosted on PayPal.com, but on a subdomain of a Hungarian website, more precisely an online store that sells dog bite training suits.

This is a common tactic used by cybercriminals to keep their phishing pages from being flagged too quickly by website reputation services and other security products: the hosting domain has a clean history, so only the path or subdomain gives the page away.
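The giveaway in a scam like this one is that the link's registrable domain is not the brand's, even when the brand name appears as a subdomain or in the anchor text. The following Python script is an added example, not code from the article or from Graham Cluley's analysis: it pulls the links out of an HTML notification and flags any whose registrable domain is not paypal.com. The email body and the host name paypal.com.example-store.hu are constructed for the illustration, and the registrable-domain helper is a deliberate simplification that takes the last two labels instead of consulting the public suffix list.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brand domain that every link in a genuine PayPal notification should belong to.
EXPECTED_DOMAIN = "paypal.com"


class LinkExtractor(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None  # [href, text] while inside an <a> element

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def registrable_domain(host):
    """Approximate the registrable domain as the last two DNS labels.

    Simplification (assumption of this example): real checks should use the
    public suffix list so that hosts under e.g. co.uk are handled correctly.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_links(html_body, expected=EXPECTED_DOMAIN):
    """Return findings for links whose registrable domain is not `expected`.

    A brand name that only appears as a subdomain (paypal.com.<other-site>)
    or in the anchor text does not make the link legitimate.
    """
    parser = LinkExtractor()
    parser.feed(html_body)
    brand = expected.split(".")[0]
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if registrable_domain(host) == expected:
            continue  # link really goes to the brand's domain
        reason = "link domain does not match the brand"
        if brand in host:
            reason = "brand name used as a subdomain of an unrelated site"
        findings.append({"href": href, "text": text, "host": host, "reason": reason})
    return findings


# Constructed sample modelled on the notification quoted in the article.
SAMPLE_EMAIL = """
<p>Dear customer,</p>
<p>You sent a mobile payment for &pound;47.00 GBP to JD Sports Ltd.</p>
<p><a href="http://paypal.com.example-store.hu/webscr/login">View the details
of this transaction online.</a></p>
<p><a href="https://www.paypal.com/uk/help">Help Centre</a></p>
"""

if __name__ == "__main__":
    for finding in check_links(SAMPLE_EMAIL):
        print(f"SUSPICIOUS: {finding['host']} ({finding['reason']})")
```

Run against the constructed sample, the first link is reported because its registrable domain is example-store.hu, while the second, on www.paypal.com, passes; the same check applies to any brand by changing `EXPECTED_DOMAIN`.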

“What’s happened here is that a website has been hacked, and criminals have planted a bogus PayPal home page onto the hacked website’s servers. The owners of the website probably aren’t aware of what has happened, and clearly aren’t taking enough care over their website security,” Cluley noted after analyzing the Hungarian website.

“Chances are that they have software running on their web server that is vulnerable to exploitation – and allowed the phishers to plant their trap.”