MxLabs Intercepts Fresh Phishing E-Mails Targeting PayPal Members

Security researchers from MxLabs the security company lately detected an outbreak of scam electronic mails purporting to be from PayPal using the header, "Your PayPal account has been limited" while displaying the sender's address as "PayPal<service@paypal.com>," which is actually spoofed.

The phishing electronic mail tells the recipient that unluckily a recent transaction by him with PayPal hasn't turned out successful as restriction has been placed on his PayPal account. This restriction is an attempt for safeguarding his account as also facilitating in making sure that the PayPal online system remains safe. The payment service wants to assist the user eliminate this restriction at the earliest in order that he may keep enjoying the utilities of PayPal, the e-mail continues.

The e-mail then says that measures for eliminating the restriction is provided i.e. the recipient must follow the web-link provided within the scam message followed with entering the log-in credentials for his PayPal account and eventually doing as per the instructions stated.

However, immediately when the web-link is clicked, a website opens up in the user's browser that's on one 'mittemaedchen.de' domain.

What's more, the website asks the user for information like his name, address, birth date, credit card number and country of origin in a given form. Once these details are filled in, the victim then gets diverted onto the real PayPal website.

Commenting on the phishing campaign, MxLabs' security researchers state that it's pretty well crafted with its e-mails complete with a spoofed e-mail id, layout, logo, as well as the same footers. A trivial noticeable issue is that there's no unsubscribe option although the footer indicates so; however, aside that the scam turns out successful, they emphasize.

Additionally the researchers state that victims of the scam are sure to have their bank balances stolen. However, this can be prevented if users look for the tell tale signs of the phishing e-mail. First, the "Unsubscribe" link isn't active at all, which is unlike of genuine PayPal e-mails. Besides, lawful organizations like PayPal aren't expected to request for vital details over e-mail as has been done within the aforementioned instance.

» SPAMfighter News - 10/13/2011