
PayPal Credentials Stolen Through Phishing Attacks




A ransomware strain still in development has recently been found that, in addition to encrypting files, attempts to steal the user's PayPal credentials through a phishing attack. The ransomware itself is 'unremarkable'; the clever part is the ransom note, which offers the user the choice of paying through PayPal as well as the typical Bitcoin route.

Found by the MalwareHunterTeam, the trick gives criminals a one-two punch: victims who choose to pay with the online payment service are directed to a convincing-looking phishing website that attempts to steal their PayPal credentials.

However, when users choose the PayPal option and click the "Buy Now" button, they are sent directly to the credit card part of the phish, skipping the login.

When the victim submits their data, it is sent to http://ppyc-ve0rf.890m.com/s2 [.]php, where personal data such as their address is stolen. The phishing page then tells the user that their account has been unlocked, redirects them to the PayPal login page and prompts them to sign in.

Ransomware is becoming progressively more advanced, and in this case it is even more dangerous because it is combined with another attack vector, phishing. It is not always possible to avoid being hit by ransomware, but if one is, some basic steps can help reduce its impact.

Jake Moore, cyber security expert at ESET, says this phishing attempt “inherently uses classic techniques that have been used for years and can usually be overcome by educating users”, and later adds: “Targets will always need to be on guard when sent to a link and it’s vital they actively check the URL - especially when the phishing site looks very genuine.”

The most sensible course is therefore not to give away personal details unless one is certain beyond a shadow of a doubt that the site is genuine, and to avoid clicking any link, downloading a file or opening a document unless it is certain to come from a 'reliable source'.
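The URL check recommended above, as an added example that is not part of the original post: a Python sketch that refangs a reported link and tests whether its host really belongs to paypal.com. The allowlist and the function names are assumptions, and the `.example` URLs are constructed samples.

```python
from urllib.parse import urlsplit

# Assumption for this example: paypal.com is the only domain treated as genuine.
TRUSTED_DOMAINS = {"paypal.com"}

def refang(url: str) -> str:
    """Undo the defanging used in reports: hxxp/hxxx schemes, [.] dots, stray spaces."""
    url = url.strip().replace(" ", "").replace("[.]", ".")
    lowered = url.lower()
    for fake, real in (("hxxps://", "https://"), ("hxxp://", "http://"), ("hxxx://", "http://")):
        if lowered.startswith(fake):
            return real + url[len(fake):]
    return url

def classify(url: str, trusted=frozenset(TRUSTED_DOMAINS)) -> str:
    """Return 'trusted', 'not-https' or 'foreign-host' for a link claiming to be PayPal."""
    parts = urlsplit(refang(url))
    # .hostname drops any user:password@ prefix and the port, and is lower-cased,
    # so a brand name placed in the userinfo or a subdomain label does not count.
    host = (parts.hostname or "").rstrip(".")
    on_brand = any(host == d or host.endswith("." + d) for d in trusted)
    if not on_brand:
        return "foreign-host"
    return "trusted" if parts.scheme == "https" else "not-https"

SAMPLES = [
    "https://www.paypal.com/signin",                # genuine form
    "http://ppyc-ve0rf.890m.com/s2 [.]php",         # URL reported in the post above
    "https://www.paypal.com.login.example/signin",  # constructed: brand as a subdomain label
    "https://paypal.com@secure-login.example/",     # constructed: brand in the userinfo part
    "hxxps://paypa1.example/webscr",                # constructed: lookalike spelling
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):13} {sample}")
```

Only the first sample is classified as trusted; every other one resolves to a host outside the allowlisted domain, however genuine the page it serves may look.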

Cybercriminals abusing Microsoft Azure for phishing attacks


Cybercriminals usually host fake web pages on hacked websites or free web hosting; more recently they have abused Google Docs. These fake pages (phishing pages) trick unsuspecting users into handing over their personal and financial information.

Now cybercriminals have started to abuse Microsoft's Azure cloud platform to host their fake websites.

Creating an account on Azure is very easy, and a 30-day trial is also offered. Once the account has been created, web pages can easily be set up from the main dashboard.

However, the registration process is not easy for criminals, because it requires a valid phone number and credit card details.

Malwarebytes researchers say the attackers may have stolen the usernames and passwords of legitimate users who were already registered.

Netcraft has identified several phishing pages hosted on Azure that target users of PayPal, Apple, Visa, American Express and Cielo.

PhishTank records:
http://www.phishtank.com/phish_detail.php?phish_id=2428419
http://www.phishtank.com/phish_detail.php?phish_id=2391951
http://www.phishtank.com/phish_detail.php?phish_id=2342647
http://www.phishtank.com/phish_detail.php?phish_id=2174737

Brazilian and Chinese government websites host PayPal phishing page



Today, I came across a phishing page targeting PayPal users which is, surprisingly, being hosted on one of the Chinese government websites.

The PayPal phishing page is hosted at "hxxp://www.121.gov.cn/app/p/index.html", which shows a fake PayPal login page.

Once the victim enters his credentials and proceeds to log in, he is redirected to another page where he is asked to provide his financial information, including name, address and credit card details.

Users are then asked to provide the 3-digit secure code, password and security questions.

Once all the details have been entered, the victim is redirected to a page that says: "Your information has been sent successfully. For your security, you will be automatically logged out.Thank you for using PayPal". This page then redirects to the original PayPal login page.

A sub-domain of the Brazilian State of Minas Gerais government website, "hxxx://www.camaramontesanto.mg.gov.br", was found to host the same type of phishing page.

PhishTank records show that 121.gov.cn has hosted the phishing page since May 8 and camaramontesanto.mg.gov.br since May 23.

1. http://www.phishtank.com/phish_detail.php?phish_id=1827926

2. http://www.phishtank.com/phish_detail.php?phish_id=1857679