A new phishing campaign has been identified that targets PayPal users with fraudulent text messages, according to TechRadar. The exploit attempts to steal a variety of sensitive user details, in addition to their PayPal credentials. Targets first receive an SMS message stating that the user’s PayPal account has been partially suspended due to suspicious activity. The user is then asked to click on a link that will enable them to verify their account. However, this link actually leads to a fake login page that allows the attacker to steal the entered login credentials. The phishing page then asks for further details, including names, addresses, and bank details, which the attacker could use for further fraudulent activity.
<p>SMS phishing, or smishing, continues to catch people out due to the more authentic feel, and lack of ways to verify compared to a traditional phishing email. These messages usually come packed with an element of fear too, which is meant to entice the victims into clicking the link without even a moment to think.</p> <p> </p> <p>Anyone receiving such text messages with links in them must firstly spend time studying the URL. There will often be a clue in the wording that when inspected will highlight that it won’t take you to the genuine site. If ever in doubt, call the company they are claiming to be on a number you find on the genuine website.</p> <p> </p> <p>Take a look at your smart phone settings and block specific numbers from texting you, and contact your service provider who can take action against spam messages. Although this won’t completely stop them, it may help towards receiving fewer unsolicited messages in the future.</p>