MailGuard first detected and blocked the scam, which has cyber criminals impersonating PayPal in a bid to steal login and banking credentials from victims.
The cyber criminals behind the scam have crafted yet another email appearing to be from PayPal asking recipients to verify their account.
Here is a sample of one of the emails:
The URL contained within the email actually links to the website of a mass marketing email provider that is now owned by MailChimp.
Here is a sample of the fake landing page hosted on the legitimate site:
These scammers have either hijacked someone's MailChimp account, or they have used stolen credit card credentials to register a new account. MailChimp's good reputation with security providers is being abused here to increase the likelihood of these phishing emails getting through to email recipients.
Visually, the fake landing page appears to be exactly like the PayPal login page. Once the victim has handed over their PayPal credentials, they are redirected to a second page where the ‘phishing’ continues.
Victims are handing over their personal details including address and phone number to the cyber criminals. Clicking continue leads to another landing page seeking credit card information:
The cyber criminals are asking for bank account information, ATM PIN and passport details, as well as a copy of an invoice and a credit card.
At the conclusion of the process, victims are redirected to a legitimate PayPal landing page which advises that their account is ready to use again.
Protection against phishing emails
To protect your business against scams like this PayPal phishing email:
If you are ever unsure if a PayPal email is legitimate, simply contact them directly. You can find more tips on identifying email scams by subscribing to MailGuard’s blog.
Adding a cloud-based email filtering solution will prevent scams like this PayPal phishing email from reaching your inbox and getting in front of your team.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.