PayPal phishing websites spike in 2014, easy vector for attackers

Phishers have their crosshairs steadied on PayPal now more than ever, according to "The Internet Threats Trend Report April 2014," a collaborative effort between cloud-based internet security solutions provider CYREN and network security appliances provider Cyberoam.

In analyzing information security trends in the first quarter of this year and comparing the data to 2013, researchers observed a 73 percent increase in the number of phishing websites related to PayPal, according to the report, which adds that the sites go after personal data, including Social Security numbers.

The report indicates that about 18,600 PayPal-related phishing websites were identified in a two-week span, which trumps the runner-up in the same timeframe – about 2,261 Apple phishing websites – by a significant number.

These findings did not surprise Jérôme Segura, senior security researcher with Malwarebytes.

“PayPal phishing pages have always been very popular, perhaps more than banks,” Segura said in a Thursday email correspondence. “Emptying PayPal accounts once they have been stolen is perhaps easier, and lost funds are harder, if not impossible, to recover.”

Segura said he recently observed a phishing website, imitating PayPal, which evolved over time from a rudimentary site that did not work on Google Chrome to an authentic-looking webpage that he said could easily dupe a target into submitting their information, including payment card data.

The evolution is a result of the attacker appearing to have initially launched the phishing website using source code lifted from a Pastebin post, which was then optimized over time until the page looked authentic, Segura said, adding the site eventually ended up running on Google Chrome.

“It showed how easy it would be to add additional checks before serving a phishing page based upon the user's browser, geolocation, [and] language,” Segura said. “It shows that phishing pages could be a lot more targeted, and have better conversion rates.”

Additional findings in the CYREN and Cyberoam report include Android malware featuring encrypted peer-to-peer functions to track users and steal data, spammers using press releases to gain news exposure, and a continued downward trend in email spam – which now accounts for 57 percent of global email.
