PayPal users beware of holiday phishing scam

The holiday shopping season means more people making more online purchases -- a prime opportunity for phishing scams

With Black Friday quickly approaching, and retailers racing to outdo each other with earlier and earlier deals, it is safe to say that the holiday shopping season has begun. If you're shopping online, though, and paying with PayPal -- be warned. There is a phishing attack targeted just for you.

The holidays come with a dramatic spike in shopping, and nobody appreciates the increase in online commerce more than cyber criminals. While you're preparing for a Thanksgiving celebration of beer and watching the Detroit Lions make a mockery of professional football...Hey, don't judge. You try supporting a team that has been consistently sad for 60 years and see if you aren't a little bitter. Fine. While you're preparing for a traditional Thanksgiving feast and plotting your Black Friday shopping strategy, malware developers are hard at work finding ways to capitalize on the shopping season.

PayPal is established as a leading method of online payments. It is an integral part of eBay purchasing -- a very popular way to acquire gifts during the holiday season, and it is widely accepted as a method of payment by online retailers of all sorts. It makes sense that cyber criminals would try to capitalize on the spike in PayPal transactions to catch naïve or unsuspecting users off guard.

AppRiver's Troy Gill has uncovered just such a scam. "Since so many people use PayPal in conjunction with the impending holiday shopping spree, scammers are looking to take full advantage of unwary consumers. The latest PayPal related scam targets PayPal users via email. Unlike most of the PayPal scams that we have seen in the past that included a link in the body of the message, these have an attached HTML. When the attachment is clicked a Java Script will produce a Phishing page that mimics a legitimate PayPal page. The input information is then sent off to another domain that will make it available for the cybercriminals."

As Gill notes, this attack attempts to dupe victims by using an attachment as opposed to a link. Granted, users should be conditioned to avoid both links and file attachments in suspicious or questionable e-mails, but just switching things up from the normal malicious URL might be enough to snare some unwary users.

Once the attackers have the PayPal credentials entered on the spoofed PayPal page, they can transfer the funds out of the PayPal account, make purchases using the money in the PayPal account, request funds to be sent to the PayPal account, or anything else the legitimate account holder is normally able to do with a PayPal account.

Most avid PayPal customers hopefully know better than to fall for such a thing, but with the holidays and the spike in online shopping comes a deluge of newbies who know enough to use PayPal to make purchases, but aren't seasoned in how to protect it.

Gill warns, "During the next few months you should be aware that you will be a broader target for scammers looking to take advantage of your increased purchasing activity. Since most people will be making a far greater number of purchases on their credit cards around the holidays they would be less likely to notice fraudulent activity on their cards."

Just remember the mantra that common sense and cautious skepticism will prevent almost all attacks. Happy Holidays!

Join the CSO newsletter!

Error: Please check your email address.

Tags online securityspamantispamvirusessecurityshoppingpaypalphishing

More about eBayPayPal

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tony Bradley

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place