Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Reputation of PayPal Exploited by New Phishing Campaign, Warns Graham Cluley

"Cyber crooks are exploiting the reputation of payment processor PayPal in a new phishing email scam," warns Independent Security Analyst, Graham Cluley, as reported on 30th September, 2013.

The phishing emails with the title 'You sent a payment' addressing the recipient as "Dear customer", tells him he sent a mobile payment of 47Pounds to JD Sports Ltd. It goes on to say that a message has been further sent to the company to either accept or reject the payment. The email recipient is told to note that the aforesaid payment may take some time to feature on his list of 'Recent Activity' of his 'Account Overview', to witness the transaction details online.

Cluley after analyzing these malicious emails thoroughly, said that Internauts clicking on the links land on a phishing web site of PayPal, as published by softpedia.com on September 30, 2013.

Internauts who log into their PayPal accounts and enter their 'username' and 'password' are in actuality sending their credentials to the cybercriminals who run the scam, he added.

The phishing web page is very well-designed and perfectly mimics the original PayPal web site and hosted on a sub-domain of a Hungarian web site which an online-store selling 'dog-bite training suits'.

This is a common strategy employed by cyber crooks to make sure that their phishing web pages are not identified quickly by web site reputation services and also by other security software.

Having analyzed the Hungarian website, Cluley explained that in this case, a web site has been compromised and cybercriminals have implanted a fake PayPal homepage on the server of the hacked website. The owners of the hacked website probably are not aware of this and not taking enough care for their website security.

The expert suggests that everyone must be wary of phishing emails from PayPal and ensure that their own web site is not vulnerable to hackers who may inject malicious code and web pages.

Conclusively, this isn't the first time that PayPal's reputation has been abused by spammers in 2013, as emails impersonating it (PayPal) claiming that the recipient's PayPal account had been deleted and he must click a "Recover Account" link to retrieve his account, were identified in April 2013.

» SPAMfighter News - 09-10-2013

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page