New phishing scam siphoning PayPal user credentials

Javascript sends users to PayPal site but concurrently whisks away login credentials to a different domain.
Javascript sends users to PayPal site but concurrently whisks away login credentials to a different domain.

Users of PayPal are being targeted in a new phishing scheme that steals their credentials, according to My Online Security.

Emails arrive with a purported link to the popular money transfer service. When clicked, Javascript embedded by phishers sends user to the actual PayPal site but concurrently their login credentials are whisked away to a different domain.

The javascript is triggered once the page, an HTML attachment, is loaded. It then hijacks all messages intended for PayPal.com and reroutes them to a phishing page.

Recipients are unaware of the fraud. Common security precautions advise users to hover their mouse over a link or submit button to ensure they are travelling to a legitimate URL. But, as the post explains, "This no longer is safe advice when hidden JavaScript redirection is used." 

Beware when unzipping attachments, the site warns. If it reads .EXE, it likely is maliciious.
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS