New Phishing Kit Targets PayPal Users

Share post:

Researchers from Internet technology company Akamai have discovered a phishing kit that targets PayPal users. The phishing kit is hosted on legitimate WordPress websites that have been hacked. This allowed the phishing kit to circumvent detection to some extent.

According to the researchers, the phishing kit was discovered after the threat actor planted it on their WordPress honeypot. The threat actor target poorly secured websites and brute-forces their login using a list of shared login credentials found online.

The access is used to install a file management plugin that allows them to upload the phishing kit to the breached website.

To avoid detection, the phishing kit cross-reference IP addresses to domains belonging to a specific set of certain companies, including some cybersecurity companies.

The threat actors then try to make the fraudulent site look professional and mimic the original PayPal site as well as possible.

In order to steal data, the threat actors add a CAPTCHA challenge to create a false legitimacy, and the victim is then asked to log into their PayPal account using their email address and password. Once entered, the information is automatically delivered to the threat actor.

The threat actor also uses an “unusual activity” format to obtain more information from victims. The victim is then asked to provide additional financial and private information such as payment card details, card verification code, physical address, social security number and the mother’s maiden name.

The sources for this piece include an article in BleepingComputer.


Related articles

London hospitals cancel over 800 operations after ransomware attack

NHS England disclosed today that a recent ransomware attack on Synnovis has led to the cancellation of hundreds...

Microsoft cancels universal Recall release in favor of Windows Insider preview

Microsoft has decided to cancel the wide release of Recall, the controversial tool for Copilot+ PCs, and instead...

Cyber Security Today, Week in Review for week ending Friday, June 14, 2024

Welcome to Cyber Security Today. This is the Week in Review for the week ending Friday, June 14th,...

Cyber Security Today, June 14, 2024 – Employee downloaded a file that led to hospital chain’s ransomware attack

An employee downloaded a file that led to hospital chain's ransomware attack Welcome to Cyber Security Today. It's Friday...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways