In this article we warn about a PayPal phishing email that has been carrying out a massive theft of customer data since a little less than a week ago.
Updated! January 2018
A new wave of PayPal phishing emails has been detected with the following subject:
[Reminder Statement Update] Statement sign-in and checking account, Emailed on 07/01/2018
In the body of the message, we are notified that unusual charges have been made to the credit card:
Our system has detected unusual charges to a credit card linked to your paypaI account.
And they leave us a link to update the PayPal account information: https://t.co/zDdMwlmc0n
When that link is opened in Google Chrome, the browser already warns that it may be a deceptive site.
Updated! September 2017
We have detected another wave of PayPal phishing emails with the following subject:
RE: [Summary Report Alerts]: New Statement Update Account log on with Google Chrome Mon 18/09/2017
The sender of the mail is:
In the email they claim that someone is using your PayPal account without authorization, and urge you to update your data through the following link: "Login Now and Verify Your Account", which points to https://t.co/HXHZMJUhaO.
This link leads to a website such as: https://jloeapoloeuajnvuef-eiaieabteuyaifcnpoleofjvax.me/webapps/5e3d0/websrc
It is recommended to ignore the email.
You can also read the other article on "la Caixa", which describes a similar case.
As many people know, PayPal is today one of the most important Internet payment systems. Recently a new wave of cyber attacks has been deployed through phishing techniques, and they are hitting hard.
Turning to the suspicious PayPal email: I thought it would be an email with advertising or information.
When I opened it I found the following:
Dear Valued Customer,
This is to confirm that you have logged in to your PayPal account from a new device in China.
If this was not you, let us know right away. It's important because it helps us make sure no one is accessing your account information without your knowledge.
Please follow these steps:
Almost without thinking, I thought that my PayPal account had been accessed from China.
The sender of the email was:
That long address made me a bit suspicious, and the fact that the account was on live.mail.com ultimately made me doubt that it really came from PayPal.
Anyway, I clicked on the link in the email to verify my data.
The link was shortened, so I could not see the destination address: http://bit.ly/2tLtRzV
The link led to a page such as https://accountantlimited.net/webapps/15601/websrc
Judging by its appearance, everything indicated that it was a PayPal login page.
The colors, the styling, the page structure, etc.
The page appeared secure: it had an SSL certificate from Let's Encrypt, but viewing the certificate showed no data about the site's owner:
The links at the bottom of the page returned a 404 error (page not found) when clicked, which seemed rather strange.
Viewing the page's source code, it turned out to be encrypted, which is unusual. So I started entering my data to see what was wrong with PayPal and the access from China.
Once I had entered the data, another PayPal notification page appeared, and then another asking me to complete all my details (name, address, phone, etc.), until the log-out button worked.
But wait a moment! Are you seriously going to enter your data? Really??
As you may have noticed, throughout the article I have pointed out some clues that help determine that an email is malicious.
The domain in question is geolocated in Buffalo, in the state of New York.
It is a typical phishing email aimed at stealing PayPal accounts, so it is advisable not to provide your data under any circumstances.
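As an added example (not code from the original article), the following Python script turns the clues described above into automated checks: brand look-alikes such as "paypaI" with a capital I, link shorteners that hide the destination, and sender or link domains that do not belong to PayPal. The sample message and the live.mail.com sender address are constructed from the article's description, and the set of legitimate domains is an assumption for the demo.

```python
import re
from urllib.parse import urlparse

# Constructed sample modelled on the emails quoted in the article (not real headers).
SAMPLE_EMAIL = {
    "from": "service@live.mail.com",  # assumed: the article only says the account was on live.mail.com
    "subject": "[Reminder Statement Update] Statement sign-in and checking account",
    "body": ("Our system has detected unusual charges to a credit card linked to your paypaI account.\n"
             "Login Now and Verify Your Account: https://t.co/zDdMwlmc0n\n"),
}

LEGIT_DOMAINS = {"paypal.com"}   # hosts the real brand would use (assumption for the demo)
SHORTENERS = {"t.co", "bit.ly"}  # the two shorteners seen in the article
HOMOGLYPHS = str.maketrans({"I": "l", "0": "o", "1": "l"})  # capital I for l, digits for letters

def normalize(word):
    """Fold common look-alike characters so 'paypaI' and 'paypal' compare equal."""
    return word.translate(HOMOGLYPHS).lower().replace("rn", "m")

def lookalike_words(text, brand="paypal"):
    """Words that read as the brand after folding but are not spelled like it."""
    return [w for w in re.findall(r"[A-Za-z0-9]+", text)
            if w.lower() != brand and normalize(w) == brand]

def sender_domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def extract_hosts(text):
    return [urlparse(u).hostname for u in re.findall(r"https?://\S+", text)]

def in_domains(host, domains):
    """True if host is one of domains or a subdomain of one (www.paypal.com -> paypal.com)."""
    return any(host == d or host.endswith("." + d) for d in domains)

def phishing_indicators(email, brand="paypal"):
    """Return human-readable indicators found in the message; an empty list means none."""
    found = []
    for w in lookalike_words(email["subject"] + " " + email["body"], brand):
        found.append(f"brand look-alike '{w}' (reads as '{brand}' after homoglyph folding)")
    dom = sender_domain(email["from"])
    if not in_domains(dom, LEGIT_DOMAINS):
        found.append(f"sender domain {dom} is not an expected {brand} domain")
    for host in extract_hosts(email["body"]):
        if host in SHORTENERS:
            found.append(f"link via URL shortener {host} hides the real destination")
        elif not in_domains(host, LEGIT_DOMAINS):
            found.append(f"link host {host} is not an expected {brand} domain")
    return found
```

Running `phishing_indicators(SAMPLE_EMAIL)` reports three indicators for the constructed message: the "paypaI" look-alike, the non-PayPal sender domain, and the t.co shortener.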