Researchers from Akamai, an American cloud service provider, recently spotted a phishing kit that targets PayPal users. In this campaign, the malicious actor is after users’ personal information.
The PayPal phishing campaign in detail
Phishing kits allow anyone to launch a phishing campaign. These toolkits put such attacks within reach of people who are not hackers, and that is driving up the rate of cyberattacks.
This campaign targeting PayPal users was discovered in July. Malicious actors start by injecting malware into legitimate WordPress sites.
They then use a WordPress file manager plugin to deploy the phishing kit. The kit includes controls on the IP addresses that connect to it, which allows it to escape detection.
The kit also rewrites URLs to drop the .php extension so that they look more credible. In addition, all GUI elements of the forms mimic those of PayPal, so the fraudulent sites appear authentic.
Personal data theft taken to the extreme
Threat actors use a social engineering technique to trick victims into sharing their personal and sensitive data. Victims are first asked to solve a CAPTCHA.
This first step creates a false sense of legitimacy and security among users. They are then invited to log in to their PayPal account. The email address and password they enter are automatically transmitted to the malicious actor.
Then, claiming unusual activity, the threat actor tricks the victim into going through a verification procedure. At this stage, the victim is required to provide the following information: name, date of birth, postal address, telephone number, bank card information, ATM PIN code, social security number, mother’s maiden name, email account credentials and a scan of a supporting document.