XRL Tech Corner

PayPal phishing email

This article warns of a PayPal phishing email that has been carrying out a massive theft of customer data since a little less than a week ago.

Updated! January 2018

A new wave of PayPal phishing emails has been detected with the following subject:

[Reminder Statement Update] Statement sign-in and checking account, Emailed on 07/01/2018

It nominally comes from the sender "[address hidden by the site's spam protection]", but if we look at the actual address, it is really:

[address hidden by the site's spam protection]

In the body of the message, we are notified that unusual movements have been made on the credit card:

Our system has detected unusual charges to a credit card linked to your paypaI account.

They then give us a link to update the PayPal account information: https://t.co/zDdMwlmc0n

On opening that link, Google Chrome already warns us that it may be a deceptive site.

paypal phishing website

Updated! September 2017

We have detected another wave of PayPal phishing emails with the following subject:

RE: [Summary Report Alerts]: New Statement Update Account log on with Google Chrome Mon 18/09/2017

The sender of the mail is:

[address hidden by the site's spam protection]

The email claims that someone is using your PayPal account without authorization and urges you to update your data through the link "Login Now and Verify Your Account", which points to https://t.co/HXHZMJUhaO.

This link leads to a website like this: https://jloeapoloeuajnvuef-eiaieabteuyaifcnpoleofjvax.me/webapps/5e3d0/websrc

It is recommended to ignore the mail.

You can also read the other article on "la Caixa", which covers a similar case.

As many people know, PayPal is today one of the most important Internet payment systems. Recently a new wave of cyber attacks using phishing techniques has been launched, and it is hitting hard.


Continuing with the suspicious PayPal email, I thought it would be an email with advertising or information.

When I opened it I found the following:

Dear Valued Customer,

This is to confirm that you have logged in to your PayPal account from a new device in China.

If this was not you, let us know right away. It's important because it helps us make sure no one is accessing your account information without your knowledge.

Please follow these steps:

  1. Click the link below to open a secure browser window.
  2. Confirm that you're the owner of the account, and then follow the instructions.
Confirm Now

Sincerely,
PayPal

Almost without thinking, I thought that I had entered the PayPal account from China.

The sender of the email was:

PayPal <[address hidden by the site's spam protection]>

That long address made me a little suspicious, and the fact that the account was at live.mail.com in the end made me doubt that it really came from PayPal.

Anyway I clicked on the email link to verify my data.

The link was shortened, so I could not see what the destination address was: http://bit.ly/2tLtRzV

The link led to a page such as https://accountantlimited.net/webapps/15601/websrc

And judging by its appearance, everything seemed to indicate that it was a PayPal login page.

The colors, the styles of the website, the structure of the page, etc.

The page was served over HTTPS with an SSL certificate from Let's Encrypt, but viewing the certificate showed none of the sender's data (a Let's Encrypt certificate only proves control of the domain, not who operates the site):

false certificate

The links at the bottom of the page gave a 404 error (page not found) when clicking, which seemed rather strange.

When I viewed the source code of the page, it was encrypted, something unusual. So I started to enter my data to see what was wrong with PayPal and the access from China.

Once the data was entered, another PayPal notification page appeared... and another asking for my complete data: name, address, phone, etc., until the close session button worked.

But wait a moment! Are you seriously going to enter your data? Really??

As you may have noticed, in the article I have left some clues that we can find to determine that an email is malicious.

The domain in question is geolocated in Buffalo, in the state of NY.

It's a typical phishing email for the theft of PayPal accounts, so it is advisable not to provide the data under any circumstances.
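
The clues pointed out in this article (a sender address that does not belong to the brand, shortened links, a PayPal-style login path on an unrelated domain, and the "paypaI" spelling) can be checked automatically. The following Python code is an added example, not part of the original article; the sample message, its sender address and its link are constructed, and treating `paypal.com` as the legitimate domain is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "paypal"
BRAND_DOMAIN = "paypal.com"        # assumption: the brand's legitimate domain
SHORTENERS = {"t.co", "bit.ly"}    # the two shorteners seen in the article
# Look-alike characters: capital I or digit 1 for "l", digit 0 for "o"
LOOKALIKE = str.maketrans({"I": "l", "1": "l", "0": "o"})

def host_is_brand(host):
    host = (host or "").lower()
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def phishing_clues(raw_message):
    """Return the sorted list of the article's clues found in one raw e-mail."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    body = "\n".join(p.get_payload(decode=True).decode("utf-8", "replace") for p in parts)
    clues = set()
    # Display name claims the brand, but the real address is on another domain
    if BRAND in display.lower() and not host_is_brand(addr.rpartition("@")[2]):
        clues.add("sender-domain-mismatch")
    for url in re.findall(r"https?://[^\s<>]+", body):
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENERS:
            clues.add("shortened-link")          # destination is hidden
        elif not host_is_brand(host) and re.search(r"/webapps/\w+/websrc", url):
            clues.add("login-path-on-foreign-domain")
    # Brand name spelled with look-alike characters, e.g. "paypaI"
    for word in re.findall(r"[A-Za-z0-9]+", body):
        if word.lower() != BRAND and word.translate(LOOKALIKE).lower() == BRAND:
            clues.add("lookalike-brand-spelling")
    return sorted(clues)

# Constructed sample message: the sender address and the link are made up
SAMPLE = """\
From: PayPal <service@mail.example.net>
Subject: Statement update

Our system has detected unusual charges to a credit card linked to your paypaI account.
Update here: https://bit.ly/EXAMPLE
"""

if __name__ == "__main__":
    print(phishing_clues(SAMPLE))
```

A message that triggers none of these checks is not thereby proven legitimate; the checks only encode the specific clues described above.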
