One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 1535596 |
| Date de publication | 2020-02-11 14:00:00 (vue: 2020-02-11 15:01:07) |
| Titre | New PayPal phishing scam seeks to go beyond login credential information |
| Texte |
Photo by Kon Karampelas on Unsplash
An independent guest blogger wrote this blog.
Up until now, some of PayPal users’ greatest fears in terms of cybersecurity were phishing scams aimed at obtaining their login credentials. In January of this year, PayPal confirmed a high-severity bug affecting the login form, with PayPal security investigator, Alex Birsan, finding a javascript file with what looked like a CSRF token and a session ID – which makes login information vulnerable to attackers. However, another scam is set to take this vulnerability further, by aiming not only to elicit login details, but also personal information and payment card/bank account details.
Going a step further
The new scam, discovered by researchers at ESET, sends PayPal users an email stating that their account has experienced ‘unusual activity.’ The email then requests that the users take specific steps to protect their security. Once users click onto the page, they are directed to a phishing page on which they are asked to provide various details and verify their account by providing data such as their home address and banking details. Once they have provided the requested data, they are informed that their account is now secure/restored.
Signs of scamming
The scam highlights the importance of knowing basic cybersecurity protocol. This includes being immediately suspicious of any email that leads users to a different URL, and wary of any changes – including misspelled words and odd-looking padlocks. One trend that was prevalent this year involved the use of a fake security certificate and a green padlock. Users should be aware of this and other new tricks by staying up-to-date on new cybersecurity risks, and by being vigilant of suspicious requests for information, addresses, links, and changes in page appearance.
A new PayPal threat from 16Shop phishing gang
If you are aware of current phishing threats, then the name 16Shop Phishing Gang will not be new to you. This gang, whose operators are believed to be located in Southeast Asia, is specifically targeting PayPal, according to researchers at the Zero FOX Alpha Team. The group distributes a phishing kit which aims to obtain as much information as possible from PayPal users. The kit works by sending a POST request to a C2 server, with a password, domain and path. The information illicitly taken is then sent via SMTP to the inbox of the controller. The information can then be used to build phishing pages in a number of different languages – including English and Spanish.
Astounding discoveries
The researchers managed to view traffic between the phishing kit and the command and control server. They found that the system was so easy to negotiate that even amateurs could use it without a hitch. They added that the kit was slick and sophisticated, with features |
| Envoyé | Oui |
| Condensat | ‘unusual 16shop according account accounts activity added address addresses affecting aim aimed aiming aims alex allow allows alpha also amateurs another anti any appearance are asia asked astounding attackers automated aware awareness banking basic been being believed between beyond birsan block blog blogger boost bot bug build but by kon can card card/bank cases cause certificate changes click command companies conclusion confirmed control controller could crawlers credential credentials credit csrf current customers cybersecurity cybersecurity were data date details detect detection different directed discovered discoveries distributes domain easy effort elicit email emails employee english eset evade even experienced fake fears features file finally find finding form found fox free from further gang going green group guest has have high highlights hitch home however illicitly immediately inbox includes including independent indexing information informed innovative internet investigator involved january javascript karampelas on unsplash kit knowing languages larger leads like links located login looked looking losses makers making managed many methods misspelled most much name need negotiate new not now number obtain obtaining odd once one one trend only onto operators other own padlock padlocks page pages password path payment paypal personal phishing photo possible post potential prevalent this protect protocol provide provided providing real recent reign relying reporting request requested requests researchers researchers at risks scam scammers scamming scams secure/restored security seeks sending sends sent server session set severity should signs sites slick smtp some sophisticated southeast spanish specific specifically stating staying step steps such suspicious system take taken targeting team teams terms the importance then those threat threats thus time token too traffic tricks until updating url use used users users’ greatest various verify view vigilant vulnerability vulnerable wary ways what which which makes whose widely will without words works world’s wrote year zero |
| Tags | Vulnerability Threat Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.