Application security, Threat Management, Incident Response, TDR

New phishing scam siphoning PayPal user credentials

Users of PayPal are being targeted in a new phishing scheme that steals their credentials, according to My Online Security.

Emails arrive with a purported link to the popular money transfer service. When clicked, Javascript embedded by phishers sends user to the actual PayPal site but concurrently their login credentials are whisked away to a different domain.

The javascript is triggered once the page, an HTML attachment, is loaded. It then hijacks all messages intended for PayPal.com and reroutes them to a phishing page.

Recipients are unaware of the fraud. Common security precautions advise users to hover their mouse over a link or submit button to ensure they are travelling to a legitimate URL. But, as the post explains, "This no longer is safe advice when hidden JavaScript redirection is used." 

Beware when unzipping attachments, the site warns. If it reads .EXE, it likely is maliciious.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.