Published July 18, 2022
Author: Ash Khan

Phishing scams targeting PayPal users for every last bit of personal information

At cyber security company – Akamai, researchers found a new and sophisticated phishing campaign aimed at over 400 million potential PayPal consumers.

Akamai employees discovered the fraud after seeing it embedded into their WordPress site. Many other legit WordPress sites are believed to be hacked as well.

Poorly protected websites with easy-to-guess passwords and no further verification are most vulnerable to hacking.

PayPal scams

At the beginning of this scam, a CAPTCHA pops up which allows this scam to go unnoticed. Then users connect to their PayPal accounts and confirm payment information such as their address, mother’s maiden name, and social security number.

This gives users a fake sense of security by allowing them to link their email addresses to the account. This gives the hackers access to people’s mailboxes.

Identity theft scamming

The next step in this so-called securing the PayPal account is to upload an authentication document, such as a passport, driver’s license, or national identification card. These can be used for a variety of potentially unlawful activities.

Akamai warned that uploading official documents and snapping a picture to authenticate them is a bigger loss for a victim than just losing credit card information. It could also be used to build crypto currency trading accounts under the victim’s identity. These can also be used to launder money, avoid taxes, or conceal other types of cybercrime.

Website creators have borrowed from PayPal’s color palette and design interface, so the layout closely resembles what consumers are already familiar with. Moreover, it appears that htaccess was used to rewrite the URL, removing the PHP file extension, and resulting in a less suspicious site address.

To ensure that you are not a victim of a scam you can either check that the URL matches the company’s genuine address or re-access the website using a search engine.