Brutally efficient phishing scam takes advantage of PayPal’s awfulness
Phishing scams that use fake login pages to steal account usernames and passwords are nothing new. The trick for hackers is to fool customers into thinking that they're following a legit link from a real company, and a new phishing scam is particularly good at that.
A raft of fake PayPal support accounts have popped up on Twitter. The accounts monitor for individuals who tweet support requests to @PayPal, and then reply to those messages with a link to a real-looking login page. Unless you look real close, anyone could fall for it.
DON'T MISS: Google Maps has a cool new Pokemon Go trick
The fake Twitter accounts use handles like @AskPayPal_Tech, which plausibly claims to be the technical support arm of PayPal support. A real effort has been made to lift PayPal images and branding to make the account look as good as possible, and even the fake login pages look like the real deal.
The clever part about this attack is that it targets people who have already contacted PayPal customer service. If you're already expecting a reply from PayPal customer service, you probably won't look too closely at the Twitter handle, or think twice about following an official-seeming link and inputting your information.
According to ProofPoint, the security firm that identified the flaw, PayPal and Twitter are already working to eliminate the problem. But with Twitter accounts being free and quick to create, this might be a tough nut to crack. For now, remember to always be suspicious about clicking a link that asks you to input your password, and always look for a secured HTTPS connection before signing into anything related to online banking.
Trending right now:
