PayPal phishing attack warns your account has been limited

I received an email seemingly from PayPal informing me that access to my account has been limited. It threw me off because I received this at my work email, which is not registered with PayPal. I immediately wondered if my account got hacked. Here is a screenshot of the email:

Image 1: Bogus phishing email example from PayPal

The “Click to Confirm” link redirected me to a legitimate-looking PayPal homepage that mimics their current website design.

Image 2: PayPal homepage look-a-like used to conduct phishing attacks

Examining the structure of the target URL revealed a different domain – edmrevistas.com and not paypal.com.

hxxp://service.confirm.paypal.cmd.cgi-bin.2866sd4f8e554sfd4e5s23sd8ed52s3f24f7d6sf8e33ds7d3d.dsfd542426d7s3d6s.sfdef157e6d57323sde8d56s4d.f545d43146e84d5d.d39d2585274f8d8fd.5485758d27f8166.edmrevistas.com/your-account.php

Interestingly enough, some of the links on the copycat homepage point to the official PayPal website. For example, the “Buy” hyperlink points to the correct hxxps://www.paypal.com/webapps/mpp/how-paypal-works URL. By doing this, the cybercriminal is attempting to fool unsuspecting users into believing that the site is legitimate. Like many other phishing emails, this attack’s intention is to trick you into handing over your PayPal account details, including a credit card number.

One way to check if there is a problem with your account is to type the paypal.com URL directly into your web browser and log in as usual. If any legit security messages or account alerts exist, they will be clearly visible via the PayPal messaging system. Here is another example of a PayPal phishing email:

Image 3: Another example of a PayPal phishing email

The hyperlinks in the email (image 3) redirect to the same, bogus hxxp://host25.griv.nl/WRBaAAmC/index.html URL, which is nothing more than a phishing website.

Here are five simple tips to avoid being defrauded by phishing emails:

1. Check all hyperlinks within the email and verify that they point to the parent domain of the brand mentioned in the message. In this case, the hyperlinks should all be under the paypal.com domain.

2. Be wary of sub-domains, such as site.paypal.com. While it is common for brands to utilize sub-domains for legit reasons, cybercriminals can also leverage them to conduct phishing attacks.

3. If the email contents or the information being conveyed look suspicious, go directly to the site and log in. Information regarding pending transactions or issues with your account is typically visible in your dashboard.

4. If you receive a notification at an email address not registered with PayPal, it is probably a good idea to ignore it.

5. When in doubt, STOP. THINK. CONNECT. ™
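The hyperlink check from the first two tips can be done mechanically. The following is an added example, not code from the original post: it pulls every link target out of an HTML email body and compares the hostname against paypal.com on a label boundary, flagging hosts that merely carry "paypal" as one label of another domain. The names `classify` and `audit_email` and the sample email body are constructed for illustration; the URLs are the defanged ones quoted above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAIN = "paypal.com"  # parent domain every link is expected to sit under

def refang(url):
    """Turn a defanged hxxp:// or hxxps:// URL back into a parseable one."""
    return "http" + url[4:] if url.lower().startswith("hxxp") else url

def classify(url, brand_domain=BRAND_DOMAIN):
    """Return 'brand', 'decoy' (brand name used as a label of another domain) or 'foreign'."""
    host = (urlsplit(refang(url)).hostname or "").rstrip(".")
    # Compare on a label boundary so that notpaypal.com does not pass as paypal.com.
    if host == brand_domain or host.endswith("." + brand_domain):
        return "brand"
    # Brand name as one label of another domain: the decoy seen in the article's URL.
    if brand_domain.split(".")[0] in host.split("."):
        return "decoy"
    return "foreign"

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag; the visible link text is ignored on purpose."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def audit_email(html):
    """Return (verdict, url) for each hyperlink in an HTML email body."""
    collector = LinkCollector()
    collector.feed(html)
    return [(classify(url), url) for url in collector.links]

# URL from the article, kept defanged and split only for line length.
PHISH_URL = ("hxxp://service.confirm.paypal.cmd.cgi-bin.2866sd4f8e554sfd4e5s23sd8ed52s3f24f7d6sf8e33ds7d3d."
             "dsfd542426d7s3d6s.sfdef157e6d57323sde8d56s4d.f545d43146e84d5d.d39d2585274f8d8fd."
             "5485758d27f8166.edmrevistas.com/your-account.php")
# Constructed sample email body that reuses the URLs quoted in the article.
SAMPLE_EMAIL = f"""<p>Your account has been limited.</p>
<a href="{PHISH_URL}">Click to Confirm</a>
<a href="hxxps://www.paypal.com/webapps/mpp/how-paypal-works">Buy</a>
<a href="hxxp://host25.griv.nl/WRBaAAmC/index.html">www.paypal.com</a>"""

if __name__ == "__main__":
    for verdict, url in audit_email(SAMPLE_EMAIL):
        print(f"{verdict:8} {url[:60]}")
```

Only the href is inspected, so a link whose visible text reads www.paypal.com is still judged by where it actually leads.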
