E-mail Phishing Threat: PayPal Users at Risk
In a new e-mail phishing campaign, Sophos security firm identified PayPal's at major risk, as reported by softpedia on November 7, 2011.
The enticing fake message of the phishing e-mail accustoms its victims about the detection of a hack in the PayPal account due to which the host (PayPal) had stopped access into the account for further investigation. In lieu of the same, PayPal has sent an attachment mail to the user with all the necessary steps for restoring the access to the account. For the same, the user or the victims are required to download the attachment and open it in their browser.
Opening of the attachment leads to a replicate version of the PayPal page and the user is motivated to enter their personal details including name, date of birth, social security number, phone and other sensitive data that intends to facilitate the crooks to obtain the contents of a bank account.
According to David Schwartzberg, a Senior Security Engineer at Sophos, the e-mail poses to hit the soft corner of ignorant users and play with their intentions. As a result, the victims ply at providing all sensitive data and jeopardize their life in contrast, reported nakedsecurity on November 6, 2011.
Further adding to his statement, Schwartzberg acclimatized that as PayPal is a trusted name in electronic payment, users are easily trapped. Thus, the modus operandi of this phishing campaign is to play with users' trust and gain their confidence with the subject of account breach.
However, as Sophos reveals, there are some loops in this phishing scam also and can be well recognized by a vigilant PayPal user. The most fundamental is the absence of PayPal in the e-mail address of the sender.
The other loop is the name of website used by the sender as indicated in pp-redacted-.com, which is rather different from original web address of PayPal. Actually, it copied similar initials served by an instrumentation company based out of Massachusetts.
Nonetheless, this is not the first instance of PayPal being attacked by cybercriminals. History reveals similar instances on February 2011 also, when users of PayPal received an e-mail message that claimed them with an urgent security warning.
Related article: E-Crime Reporting Format To Be Launched in July
» SPAMfighter News - 11-11-2011