New Phishing Kit Targets PayPal Users

Share post:

Researchers from Internet technology company Akamai have discovered a phishing kit that targets PayPal users. The phishing kit is hosted on legitimate WordPress websites that have been hacked. This allowed the phishing kit to circumvent detection to some extent.

According to the researchers, the phishing kit was discovered after the threat actor planted it on their WordPress honeypot. The threat actor target poorly secured websites and brute-forces their login using a list of shared login credentials found online.

The access is used to install a file management plugin that allows them to upload the phishing kit to the breached website.

To avoid detection, the phishing kit cross-reference IP addresses to domains belonging to a specific set of certain companies, including some cybersecurity companies.

The threat actors then try to make the fraudulent site look professional and mimic the original PayPal site as well as possible.

In order to steal data, the threat actors add a CAPTCHA challenge to create a false legitimacy, and the victim is then asked to log into their PayPal account using their email address and password. Once entered, the information is automatically delivered to the threat actor.

The threat actor also uses an “unusual activity” format to obtain more information from victims. The victim is then asked to provide additional financial and private information such as payment card details, card verification code, physical address, social security number and the mother’s maiden name.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Canadian School Boards Hit by Data Breach in PowerSchool Cyber Incident

A significant data breach involving PowerSchool, a widely used student information system, has affected multiple school boards across...

Chinese Hackers Compromised More U.S. Telecom Networks Than Previously Known

A new report from the Wall Street Journal reveals that a Chinese hacking campaign has compromised more U.S....

Cyber Security Today Year End Review: December 21, 2024

This is our year end show. We'll be back in early January, 2025. Merry Christmas and Happy Holidays. Join...

Millions Stolen in Crypto Wallets Linked to 2022 LastPass Hack: Cyber Security Today for Friday, December 20, 2024

Millions Stolen in Crypto Wallets Linked to 2022 LastPass Hack, TP-Link Routers Face Possible U.S. Ban Over National...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways