Analysts from Cofense Phishing Defense Center recently found a unique PayPal credential phishing attack. Phishing is a harmful technique that hackers use to steal sensitive information like banking information, credit card data, usernames, and passwords. The actors pretend to be genuine individuals to lure victims by gaining their trust and stealing their personal information. Even worse, the confidential data stolen through phishing attacks can be used for identity theft, financial theft to gain illegal access into victim accounts, or use this account access to blackmail the victims.
Because credential phishing is generally conducted through a simple URL link, it is easy to ignore exaggerated or subtle tactics that hackers use to steal credentials from innocent victims. As per the experts, the attack isn't very sophisticated and doesn't seem suspicious.
Cybersecurity Analyst Alex Geoghagan said that the email may compel the victim to try finding the solution to the problem quickly. The hacker didn't even bother hiding 'from' email address, which was later identified as not actually being from PayPal. But, the e-mail was very well put together and no one would've thought it as a fraud.
Alex Geoghagan says "There is a “Help & Contact” link, as well as an (ironic) “Learn to identify Phishing” link in the body of the email, both leading to authentic PayPal links. Beyond the first clue in the sender email address, when hovering over the button labeled “Confirm Your Account,” it does not lead to a PayPal URL. It instead leads to a URL at direct[.]lc[.]chat. A user familiar with PayPal may notice at this point that they are being taken to a domain outside of PayPal, while the legitimate PayPal live chat is hosted within the PayPal domain and requires that you log in to use it."
After a fake live chat has been accessed, hacker uses automated scripts to start communication with the victims and tries to steal user data, e-mail address, credit card information etc. In other words, hacker takes this information to appear as genuine and store enough information for authentication. Once the information is acquired, hacker tries to steal victim's PayPal credentials. After that, a verification code is sent to target via SMS to make him think an authorised person has access to his device. "This attack demonstrates the complexity of phishing attacks that go beyond the typical “Forms” page or spoofed login. In this case, a carefully crafted email appears to be legitimate until a recipient dives into the headers and links, which is something your average user will most likely not do," says Alex Geoghagan.
