{"id":11912,"date":"2019-12-30T14:15:00","date_gmt":"2019-12-30T19:15:00","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=11912"},"modified":"2020-08-25T10:18:13","modified_gmt":"2020-08-25T14:18:13","slug":"the-latest-paypal-phishing-email-goes-beyond-your-login-credentials","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/the-latest-paypal-phishing-email-goes-beyond-your-login-credentials\/","title":{"rendered":"The Latest PayPal Phishing Email Goes Beyond Your Login Credentials"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Another day and another clever PayPal phishing scam to\nlearn from to better protect yourself and your organization<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">\u201cIn this world, nothing can be said to be certain, except death, taxes, and PayPal phishing email scams,&#8221; said Benjamin Franklin. Don&#8217;t believe me? Google yourself. Okay, okay, he might have missed out on the PayPal phishing part, but you get the point.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Thanks to the huge incentive they have, <a href=\"https:\/\/www.thesslstore.com\/blog\/how-to-tell-if-an-email-is-really-from-paypal\/\">fraudsters keep using PayPal&#8217;s name<\/a> to fool users into doing something that they shouldn&#8217;t. This time, they&#8217;ve come up with a new phishing scam that uses PayPal as leverage \u2014 only this time, they&#8217;re also set their expectations high. <a href=\"https:\/\/www.welivesecurity.com\/2019\/12\/20\/scam-wants-more-than-paypal-logins\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">ESET researchers<\/a> in Latin America discovered this scam, which cybercriminals posing as the online payment service use to get users to provide other sensitive information, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>access credentials<\/li><li>private information, including\nyour mailing address<\/li><li>credit or debit card\ninformation<\/li><li>email account login information\n&nbsp;<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">So, just how does this PayPal phishing email scam work?<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s hash it out.<span id=\"newline\"><\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How the Latest PayPal Phishing Email Scam Snares Victims<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Presenting the Bait<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Humans are funny animals. As a species, we possess the most\ncomplex type of brain and have an even more complex psychology working behind\nit. However, we tend to behave so predictably in certain situations. Hackers\nand scamsters understand this quite well, and they are exceptional at using\nthis truth to their advantage. They do this through the use of phishing scams. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The latest PayPal phishing email scam is no different in this regard, except that it chooses a smarter way to go about it. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"--tl-form-height-m:150.25px;--tl-form-height-t:121.4583px;--tl-form-height-d:121.4583px;\" class=\"tl-placeholder-f-type-shortcode_12753 tl-preload-form\"><span><\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As it goes with most phishing scams, it all starts with an\nemail. This email (somewhat) looks as if it has come from PayPal and instills\nfear by &#8220;informing&#8221; you of an unusual login from an unknown device.\nThen it tells you to secure your account to avoid any potential financial loss.\n<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Here\u2019s how it looks:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"497\" height=\"481\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-emal1v2.png\" alt=\"Screenshot: PayPal phishing email scam example from WeLiveSecurity by ESET\" class=\"wp-image-11913\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-emal1v2.png 497w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-emal1v2-300x290.png 300w\" sizes=\"auto, (max-width: 497px) 100vw, 497px\" \/><figcaption>Image source: https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2019\/12\/Fig-1.png<\/figcaption><\/figure><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Pulling the Rod<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Once a user has been hooked, it&#8217;s time for the cybercriminal to pull the rod. In the context of this scam, once the user has clicked on the link provided in the email, they\u2019re taken to a website that\u2019s designed to look like PayPal\u2019s official website. This web page, often written in poor English, tells you that they (PayPal) have noticed some unusual activity on your account and asks you to enter a captcha code to proceed further. One thing to note here is that instead of leading you straight to a (fake) login page, fraudsters ask you to enter a captcha code. Psychologically, this is a smart move. It\u2019s like playing it \u201ctrue\u201d before bluffing in poker. All poker players would get this. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Another thing to note here is that the web page where you&#8217;re taken has a &#8220;secure&#8221; padlock in front of its URL bar. Users who&#8217;re educated to look for the padlock security indicator, will likely consider this website to be a safe website. Here\u2019s how this web page looks:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"659\" height=\"570\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-email2.png\" alt=\"\" class=\"wp-image-11915\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-email2.png 659w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-email2-300x259.png 300w\" sizes=\"auto, (max-width: 659px) 100vw, 659px\" \/><figcaption>Image source:  https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2019\/12\/Fig-2-768&#215;656.jpg <\/figcaption><\/figure><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">If you fall prey to this plot, you\u2019re taken to a fake PayPal login page, and you&#8217;re asked to log into your account. This page looks exactly like the real PayPal login page. First, you&#8217;re asked for your user name, and then you&#8217;re asked for your password, just like you&#8217;re asked on the official PayPal website.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"648\" height=\"430\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-email3-1.png\" alt=\"\" class=\"wp-image-11918\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-email3-1.png 648w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-email3-1-300x200.png 300w\" sizes=\"auto, (max-width: 648px) 100vw, 648px\" \/><figcaption>Image source: https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2019\/12\/Fig-3-768&#215;492.png<\/figcaption><\/figure><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"655\" height=\"492\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-email3.png\" alt=\"\" class=\"wp-image-11916\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-email3.png 655w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-email3-300x225.png 300w\" sizes=\"auto, (max-width: 655px) 100vw, 655px\" \/><figcaption> Image source: https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2019\/12\/Fig-4-768&#215;553.png<\/figcaption><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Once You\u2019re Hooked: Going Beyond Your Credentials<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">You know what happens when you click on the <strong>Log In<\/strong> button after entering \u2014 er, giving away \u2014 your credentials, don&#8217;t you? However, your PayPal user information is not the <em>only<\/em> thing the phishers are after in this particular PayPal phishing scam. Once you log in, you&#8217;re asked to verify your account. Like the previous page, this page, too, is written in poor English. It prompts you to click on the <strong>Continue to PayPal<\/strong> button. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Once you click on that button, the next phase of this PayPal phishing email scam takes you to a series of web pages that ask you for your personal information such as home address and financial information. In the end, you&#8217;re once again asked to enter your PayPal credentials to &#8220;link an email account.&#8221; Check out the screenshots for the details.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"650\" height=\"565\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-email5.png\" alt=\"\" class=\"wp-image-11919\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-email5.png 650w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-email5-300x261.png 300w\" sizes=\"auto, (max-width: 650px) 100vw, 650px\" \/><figcaption>Image source:  https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2019\/12\/Fig-6-768&#215;652.jpg <\/figcaption><\/figure><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"651\" height=\"553\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-email6.png\" alt=\"\" class=\"wp-image-11920\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-email6.png 651w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-email6-300x255.png 300w\" sizes=\"auto, (max-width: 651px) 100vw, 651px\" \/><figcaption>Image source:  https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2019\/12\/Fig-7-768&#215;634.jpg <\/figcaption><\/figure><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"658\" height=\"565\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-email7.png\" alt=\"\" class=\"wp-image-11921\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-email7.png 658w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-email7-300x258.png 300w\" sizes=\"auto, (max-width: 658px) 100vw, 658px\" \/><figcaption>Image source: https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2019\/12\/Fig-8-768&#215;650.jpg<\/figcaption><\/figure><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"653\" height=\"560\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-email8.png\" alt=\"\" class=\"wp-image-11922\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-email8.png 653w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/paypal-phishing-email8-300x257.png 300w\" sizes=\"auto, (max-width: 653px) 100vw, 653px\" \/><figcaption>Image source:  https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2019\/12\/Fig-9-768&#215;643.jpg <\/figcaption><\/figure><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Once you do all of this, then a message displays that tells you that you\u2019ve successfully restored your account. However, this couldn\u2019t be further from the truth \u2014 what you have done is virtually wrap up your identity into a nice, pretty little package and handed it over to the cybercriminal. Now, your information is available for them to misuse through various forms of fraud. That&#8217;s the outcome of the latest PayPal phishing email scam.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">A Final Word<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">No matter how we curse hackers and fraudsters, we have to\nacknowledge that they&#8217;re quite smart (barring their English) when it comes to\nfooling us. They know our pain points, they know what our brains respond to\nspecific situations, and they know how ignorant or unobservant we can be. We\u2019re\nlike fish taking the shiny bait they throw out to capture us. Now you know why\nthey call it &#8220;phish\u201ding. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">No matter how smart cybercriminals are, we can always be a step ahead of them. All we need is a little bit of cyber security awareness and to exercise our skills of observation. No phishing scam in the world can fool you if you are vigilant. Remember, a <a href=\"https:\/\/www.thesslstore.com\/blog\/dropbox-phishing-scam-dont-get-fooled-by-fake-shared-documents\/\">phisher is nothing more than a poor man\u2019s magician<\/a>. <\/p>\n\n\n","protected":false},"excerpt":{"rendered":"<p>Another day and another clever PayPal phishing scam to learn from to better protect yourself and your organization \u201cIn this world, nothing can be said to be certain, except death,&#8230;<\/p>\n","protected":false},"author":10,"featured_media":11923,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[16,10200],"tags":[305,166],"class_list":["post-11912","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hashing-out-cyber-security","category-monthly-digest","tag-paypal","tag-phishing","post-with-tags"],"views":30986,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/bigstock-137923742.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/11912","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=11912"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/11912\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/11923"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=11912"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=11912"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=11912"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}