Akamai researchers have discovered a new and sophisticated phishing scam targeting over 400 million potential PayPal customers.
Akamai employees became aware of the scam after finding it embedded in their own WordPress site, and countless other genuine WordPress sites are also believed to have been hacked.
Poorly secured websites with easy-to-guess passwords and no additional authentication or verification setup are most at risk.
PayPal fraud
The scam starts with a CAPTCHA pop-up, which helps it go almost unnoticed. Users continue to log into their PayPal accounts before confirming payment information, including their address, mother’s maiden name and social security number.
Users are then given a false sense of security as the scam allows them to link their email address to the account, but all it does is give the scammers access to people’s mailboxes.
Identity Theft Fraud
The final step in purportedly securing the PayPal account is uploading an identity document – including passports, driver’s licenses and national ID cards – which can go on to serve a number of potentially illegal purposes.
In his exemption (opens in new tab), Akamai said: “Uploading government documents and taking a selfie to verify them is a bigger game for the victim than simply losing credit card information – it can be used to create cryptocurrency trading accounts under the name of the victim. They can then be used to launder money, evade taxes or provide anonymity for other cybercrimes.
The page layout mimics exactly what users are already used to using PayPal’s color palette and design interface. Additionally, it appears that htaccess was used to rewrite the URL, thus removing the PHP file extension, helping to present a less suspicious web address.
In general, Internet users are advised to either verify that the URL matches the company’s own address, or re-enter the page from a search engine to make sure they are not part of a scam.
https://www.techradar.com/news/hacked-wordpress-sites-are-being-boosted-with-paypal-phishing-kit/
/cdn.vox-cdn.com/uploads/chorus_asset/file/8964133/acastro_170731_1777_0006_v1.jpg "Two more executives are leaving Apple")
