
A phishing campaign from a legitimate PayPal Business account

A recent investigation revealed the mechanics of a sophisticated phishing attack using emails sent from a legitimate PayPal address.

Antifraud action - September 23, 2022

Phishing attacks are becoming ever more complex, and the most advanced employ baits that seem as legitimate as possible. This is the case with a recent phishing attack targeting PayPal users, as detailed in an investigation by KrebsOnSecurity.

The hackers took control of a PayPal Business account and used it to send a group of customers emails warning them that their PayPal accounts were possibly compromised.

The users were given a link to an invoice hosted on PayPal’s official website with this warning: “there is evidence that your PayPal account has been accessed unlawfully. $600.00 has been debited from your account for the Walmart eGift Card purchase”.

The message concludes by asking users to contact a toll-free number if they did not make this transaction. If the victim calls this number, the person who answers claims to be from “customer service” and suggests that they download a piece of software. This software allows the fraudsters to take control of the target computer remotely—a much more lucrative goal than just access to a PayPal account.

The emails all come from a legitimate PayPal address, allowing them to pass anti-spam checks. Additionally, the fake invoice comes from a paypal.com subdomain. This leads even some of the most vigilant users to let their guard down.
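Because sender authentication cannot separate these messages from genuine ones, triage has to look at the body. The following Python sketch is an added example, not code from the original article or from PayPal: it scores callback-phishing indicators independently of the authentication result. The sample message, header values, phone number and lure patterns are constructed assumptions, and treating "anti-spam checks" as SPF/DKIM/DMARC results in an `Authentication-Results` header is also an assumption.

```python
import re
from email import message_from_string

# Constructed sample message (not a real email); all header values are illustrative.
SAMPLE = """\
From: service@paypal.com
To: user@example.org
Subject: Invoice from Example Seller
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=paypal.com; dkim=pass header.d=paypal.com; dmarc=pass header.from=paypal.com
Content-Type: text/plain; charset="utf-8"

Seller note to customer: There is evidence that your PayPal account has been
accessed unlawfully. $600.00 has been debited from your account for the
Walmart eGift Card purchase. If you did not make this transaction, call us
toll-free at +1 (800) 555-0100.
"""

# Assumed heuristics for this example: a phone number plus at least two lure phrases.
PHONE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
LURES = {
    "unauthorized_access_claim": re.compile(r"accessed unlawfully|unauthori[sz]ed|compromised", re.I),
    "debit_claim": re.compile(r"\$\s?\d[\d,]*(?:\.\d{2})?\s+has been (?:debited|charged)", re.I),
    "call_to_dispute": re.compile(r"\b(?:call|contact|dial)\b.{0,60}(?:toll[- ]free|number|\d{3})", re.I),
}

def auth_passes(msg, domain):
    """True if an Authentication-Results header reports dmarc=pass for `domain`."""
    for value in msg.get_all("Authentication-Results", []):
        flat = " ".join(value.split()).lower()
        if "dmarc=pass" in flat and f"header.from={domain}" in flat:
            return True
    return False

def body_text(msg):
    """Concatenate the decoded text/plain parts of a message."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join(p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace") for p in parts)

def assess(raw, brand_domain="paypal.com"):
    """Score body content; the authentication result is reported but never clears a message."""
    msg = message_from_string(raw)
    text = " ".join(body_text(msg).split())  # flatten line wraps before matching
    hits = sorted(name for name, rx in LURES.items() if rx.search(text))
    phones = PHONE.findall(text)
    return {"authenticated": auth_passes(msg, brand_domain), "phones": phones,
            "lures": hits, "suspicious": bool(phones) and len(hits) >= 2}

if __name__ == "__main__":
    print(assess(SAMPLE))
```

A message that is both `authenticated` and `suspicious` is the combination described above and is worth routing to review rather than trusting on sender reputation.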
