Expert Insight On New PayPal Phishing Campaign Tricks Users To Send Over Passport Details

By   ISBuzz Team
Writer , Information Security Buzz | Feb 11, 2020 07:07 am PST

A recently uncovered phishing campaign, targeting PayPal users, pulls out all the stops and asks victims for the complete spectrum of personal data – even going so far as to ask for social security numbers and uploaded photos of their passports. The campaign starts with a fairly run-of-the-mill phishing email, purporting to be from the online payment company’s notifications center, which warns victims that their account has been limited because it was logged into from a new browser or device. The email recipient must verify his or her identity by clicking on a button, which is a address that then redirects the browser to an attacker-owned landing page, which asks for a complete rundown of personal data.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Javvad Malik
Javvad Malik , Security Awareness Advocate
February 11, 2020 3:09 pm

We are seeing the criminals becoming more and more brazen in their attacks and methods. The key is to dupe someone to click on a phishing link, once that has happened then the criminal can ask for whatever they wish.

This is not uncommon as we have seen this evolution in ransomware. Whereas previously ransomware only encrypted files now criminal look to steal data and logins and as much information as possible.

Similarly, we could be seeing the emergence of a trend where phishing attacks will look to gather more and more information.

It is why organisations need to ensure staff receive effective and timely security awareness and training so that they can spot phishing emails and report them appropriately.

Last edited 4 years ago by Javvad Malik

Recent Posts

Would love your thoughts, please comment.x