A recently uncovered phishing campaign, targeting PayPal users, pulls out all the stops and asks victims for the complete spectrum of personal data – even going so far as to ask for social security numbers and uploaded photos of their passports. The campaign starts with a fairly run-of-the-mill phishing email, purporting to be from the online payment company’s notifications center, which warns victims that their account has been limited because it was logged into from a new browser or device. The email recipient must verify his or her identity by clicking on a button, which is a bit.ly address that then redirects the browser to an attacker-owned landing page, which asks for a complete rundown of personal data.
Active PayPal Phishing Scam Targets SSNs, Passport Photos by @threatpost https://t.co/hFqjdms2xD pic.twitter.com/rZcQRkcigH
— Information Management Today (@infomgmttoday) February 11, 2020
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
