Credential phishing has become one of the most common threats in the cyber landscape. However, threat actors occasionally come up with innovative tactics to improve their success rates. One such unusual scam has been observed targeting PayPal.

What’s going on?

  • The threat actor sends an email that does not raise suspicion, with a subject line inviting the target to initiate a live chat regarding a service notice related to their PayPal account.
  • The email body is fairly sophisticated and contains links that can also be found in legitimate emails. In addition, the actor did not even bother hiding the “from” address, which is in no way related to PayPal’s email addresses.
  • The URL in the email leads the target to a fake live chat, where the attacker uses automated scripts to conduct the conversation.
  • Subsequently, the threat actor attempts to obtain physical and email addresses, phone numbers, and credit card information.

The X factor

This particular attack shows the growing intricacy of credential phishing attacks, which now go beyond conventional means such as spoofed login or ‘Forms’ pages. Unless a recipient checks the header and links, there is no way for them to confirm the legitimacy of the email until it is too late.

There’s more

This is not the only unusual phishing attack that has been observed lately.
  • The Microsoft Security Intelligence team warned Office 365 admins and users about an active phishing campaign. The emails appear to be legitimate and can evade phishing detection.
  • Threat actors are spoofing the WeTransfer file-sharing service to conduct credential phishing attacks. The spoofed emails lure targets to a phishing page that features Microsoft Excel branding.

The bottom line

A successful phishing prevention policy includes identifying attacks that target the communications of an organization or individual. Cases like these call for providing employees with the proper tools and training to defend against these attacks, particularly when threat actors can bypass secure email gateways. Apart from this, it is recommended to pay attention to headers, links, the sender’s address, and domain names.
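
The header and link checks recommended above can be automated. The Python below is an added example, not part of the original article: it inspects a constructed message that claims to be from PayPal and reports a sender domain and link hosts outside the brand's domains. The allowlist `BRAND_DOMAINS`, the function names, and all sample addresses and hosts are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

BRAND = "paypal"
BRAND_DOMAINS = ("paypal.com",)  # assumption: domains the brand legitimately uses

# Constructed sample message; sender and chat host are placeholders.
SAMPLE = """\
From: PayPal Service <notice@mailer.example.net>
To: user@example.org
Subject: Service notice: start live chat
Content-Type: text/html

<p>We need to confirm your account details.</p>
<a href="https://chat-support.example.net/live">Start live chat</a>
<a href="https://www.paypal.com/help">Help</a>
"""

def under(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def check_message(raw, brand=BRAND, brand_domains=BRAND_DOMAINS):
    """Return findings for a single-part message that claims the brand."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    # The message "claims" the brand if the display name or subject names it.
    claims_brand = brand in (display + " " + msg.get("Subject", "")).lower()
    body = msg.get_payload()  # a str here because the sample is not multipart
    hosts = [urlsplit(u).hostname for u in re.findall(r'href="([^"]+)"', body)]
    findings = []
    if claims_brand and not under(sender_domain, brand_domains):
        findings.append(f"sender domain {sender_domain} is not a {brand} domain")
    # Legitimate links can sit beside the lure, so report only off-brand hosts.
    off_brand = sorted({h for h in hosts if h and not under(h, brand_domains)})
    if claims_brand and off_brand:
        findings.append("links leave the brand's domains: " + ", ".join(off_brand))
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

The suffix match in `under` treats a lookalike host such as `paypal.com.example.net` as off-brand, since it only accepts the listed domain or its subdomains.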

Cyware Publisher