PayPal phishing scams are not uncommon, but every once in a while we come across a sample that’s worth mentioning. The latest variant comes as a shady email which urges recipients to update their account records.
Here’s what the email – entitled PayPal Service - update required for your account
- looks like (via
Because of concerns for the security and integrity of your account, we issued this warning message.
It has been brought to our attention that your account access must be updated as part of our ongoing commitment to protect your account and reduce cases of fraud on our website.
If you could take 5-10 minutes of your online experience and update your records.
As with all phishing emails, the links contained in it point to a webpage that cleverly replicates the PayPal login page. Also similar to other such campaigns, a website has been compromised to host the malicious page.
However, in this case, two sites have been hijacked. The first one contains a script that redirects the victim to the second domain, the one that hosts the replica login page.
The websites were probably easily hijacked because they seem to be developed by somewhat amateur developers who haven’t thought much about security.
The fake PayPal webpage in this case is so well-designed that you can hardly see any difference between it and the legitimate one.
As always, we advise users to be careful when clicking on links from unsolicited notifications. However, in this case, if you’ve already clicked on the link, you have nothing to worry about as long as you didn’t provide your email address and your PayPal password.
If you did provide these details, be sure to change your password before the cybercriminals take advantage of them.