Recent PayPal Phishing Scheme Steals Credit Card Information

Now, Amazon has found another phishing campaign that impersonates PayPal and asks customers to phone the attackers directly to cancel a bitcoin order placed on the payment site. On the other hand, phone numbers are collected for use in subsequent attacks rather than canceling the fake order, and a user’s banking information may also be taken in the process. Moreover, security experts have discovered a new phishing campaign that takes advantage of trusted websites like Glitch and GoDaddy to trick people into handing over their PayPal login information.
July 23, 2022
Phishing Scam , Online Scam

The term “phishing” refers to a type of identity theft that occurs over the internet and is typically carried out for financial benefit.

It accomplishes its goal by deceiving you into divulging private and sensitive information, including as the numbers of your credit and debit cards, the passwords to your online accounts, and the specifics of your bank accounts.

Sending a phishing email designed to look like it was sent from a reputable business or brand is one of the most popular phishing scams. This email will then take you to a fake version of a well-known website, which will record any information you submit, including your password, bank information, and other personal information.

PayPal is dedicated to assisting in the closure of these sites and ensuring that you can identify phishing attempts as quickly as possible. Their responsibility is to protect your online identity to the greatest extent possible.

PayPal Phishing Campaign

The cybercriminals behind a new phishing attack are imitating PayPal to steal credit card information from consumers who are unaware the scam is targeting them.

PayPal Chargeback Scam.

A similar campaign that mimicked Amazon was discovered by security experts working for the email security firm Avanan, which CheckPoint acquired in November of the previous year. These attacks were successful because they used real Amazon URLs and required consumers to call customer service to cancel their fake orders.

Now, Amazon has found another phishing campaign that impersonates PayPal and asks customers to phone the attackers directly to cancel a bitcoin order placed on the payment site. On the other hand, phone numbers are collected for use in subsequent attacks rather than canceling the fake order, and a user’s banking information may also be taken in the process.

Moreover, security experts have discovered a new phishing campaign that takes advantage of trusted websites like Glitch and GoDaddy to trick people into handing over their PayPal login information. Armorblox, an email security company, found the campaign and detailed the whole attack mechanism in a blog post.

The attackers started by building a fake PayPal website eerily similar to the real one. They made a website rapidly with Glitch, a low-code application that can be “launched on a secure URL in under a minute,” according to Armorblox. Then, they obtained a secureserver.net domain through GoDaddy, from which they are sending their victims a fake email.

The email itself is made to look just like official correspondence from PayPal. The researchers claim that despite typos and other errors in the email, it “bears enough surface-level similarities to a real PayPal email to pass the eye tests of unwary victims.”

The email’s contents are typical of phishing scams: the scammers warn the recipient that their PayPal profile is incomplete and that outdated card information may be to blame. According to the email, if the recipient doesn’t change their information, they will lose access to their account.

The victim is asked to click on a malicious link in exchange for their phone number, email address, and PayPal password. If you have lately received any emails from PayPal that appear suspicious, you need to be aware of the following information to prevent becoming a victim of this scam.

HAVE YOU BEEN SCAMMED AND NEED HELP IN FIGHTING BACK?

Scammers can create complex scams that can trap even the most cautious of people. But it’s not too late because we can help you track the damage done by scammers

We can help you get your money back!

Luring victims with Fake PayPal Order Confirmation Emails

The perpetrators of this new phishing attempt begin by sending what appears to be a PayPal order confirmation to potential victims, notifying them that they have acquired more than $500 worth of Dogecoin.

At the very bottom of the email is a customer service number that customers can call if they decide they want to cancel the order. It may appear that calling the number is the best course of action; however, this is not the case because the cybercriminals behind this scheme can use your phone number to carry out additional cyberattacks through the use of text messages, calls, or WhatsApp messages.

The researchers at Avanan state in a blog post, “just one successful attack can lead to dozens of other ones.” Even though a phone number with a Hawaii area code is listed on the emails the researchers have seen, the people behind this campaign and others like it typically do not operate out of locations such as Hawaii.

Instead, they register a phone number with an area code in the United States and then forward calls to an international relay. This attack is successful because there are no links inside the main body of the email that is distributed to users. Because of this, the message can get through the security filters placed on emails and get in the mailbox of people who could be victims.

Scams about phishing appear year-round. To prevent this kind of scam you can Contact Us for Support!

How to Protect Yourself From Falling For This & Similar Scams

PayPal Account

Avanan advises users to check the sender’s email address first to determine whether or not it is genuine in order to avoid falling victim to the latest phishing scheme targeting PayPal accounts. 

They need to check their PayPal account at this point when they will see that the order in issue is not there in their account. Because attackers supply a transaction ID and date that won’t appear in your PayPal order history, this can be done without any difficulty.

It is also important to remember that fraudsters frequently assume the identity of well-known online businesses and payment providers such as PayPal and Amazon.com. Suppose you have an authentic email from one of these companies stored in your inbox. 

In that case, it is simple to compare the two to see whether or not they contain identical addresses, formatting, or other elements. In the same vein, you should be on the lookout for misspellings and different types of grammar and spelling mistakes at all times since these are major warning signs that can frequently help you identify phishing emails.

In conclusion, you should never contact a number you found in an email without exercising extreme caution. If you want to call, you should never disclose your banking or payment information over the phone because a reputable organization will never ask you. However, if you decide to call, you should do so with extreme caution.

Scammers see opportunities to target us in these uncertain times. Ezchargeback can guide and support you. You can visit our news section for more guides.

Sources

Find Related News

Subscribe to Our Newsletter

h3

ezchargeback-logo-favicon

Scam Recovery Resources

Swift CFD

The most common indication of a broker scam or a Forex trading scam is that the broker is either unregulated or has a low-quality regulatory license. CFD Scams are becoming increasingly common, which is extremely dangerous – due to this, investors need to be aware of which companies to avoid in the CFD market.

Read More »

Funds Trace

Trading in the foreign currency market is always risky, and if your funds are mismanaged, you could lose money. This is not to say that losing money as a result of mishandled funds is acceptable.

Read More »

FundTrace is committed to upholding the journalistic standards online, including accuracy. With our news reporting, our policy is to review each issue on a case by case basis, immediately upon becoming aware of a potential error or need for clarification, and to resolve it as quickly as possible.

do you need help?

A lot of those who contact us have questions and concerns about their personal and business data being compromised. We aim to arm you with the legal and technical know-how in the fight against scams. Also, we will be able to refer you to top scam recovery agencies.

Please fill up the form. Rest assured that our support team will get in touch with you

Share this article
Facebook
Twitter
LinkedIn
Leave a comment

Latest Articles

Scan the code