Sunday, June 21, 2015

Phishing Email - Your PayPal Confirmation Alert ✓

Just got hit with the "Your PayPal Confirmation Alert  ✓" phishing email.

This email is crafty because the message's email header (see bad email header here) is well composed, the reply address goes back to PayPal, etc. Moreover, all the image sources are from PayPal, but the real threat comes from the attached document, which it asks you to fill out.

This email will try to steal your identity on PayPal and also has a browser jack file payload. It's a fairly rudimentary and obvious form, but the best deceptions are the most seemingly obvious. The browser jack file payload, however, is not obvious at all and is a huge compromise; a top-tier anti-virus program like Kaspersky should detect it.

The email subject line:

"Your PayPal Confirmation Alert  ✓"

The email reads as below; the giveaway is the misspelling of "Thank you".

Dear Customer,
This is an automatic message by the system to let you know that you have to confirm your account information within 48 hours.
Your account has been frozen temporarily in order to protect it.
The account will continue to be frozen until it is approved and validate your account information.
This will help protect you in the future. The process does not take more than 3 minutes.
To proceed to confirm your account information please follow the instructions that will be required
  1. Download the attached document and open it in a browser window secure.
  2. Confirm that you are the account holder and follow the instructions.

Tank You,

The attached document is named PayPal-Alert.htm and contains a form that directs all your personal information to be sent to this URL address...

<form action="" id="main" method="POST" name="main">

Action > Report the Phishing URL to Google Plex now, click this link

Cleansed preview of the attached document:

PayPal ID and Password

Enter your primary email address as your Paypal ID.

Please enter your information.

Mailing Address

Please enter your mailing address.

Profile of credit card
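One way to triage an attachment like this before opening it in a browser, as an added example (not code from the original post): it parses the HTML, finds forms that collect password or card fields, and flags any whose action points to a host outside the brand's domain, noting whether the images load from the brand. The field-name hints, the `collector.example` host and the sample markup are constructed assumptions; the real attachment's URL is not reproduced here.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

NAME_HINTS = ("pass", "card", "cvv")  # assumed field-name hints, tune to taste

class FormAudit(HTMLParser):
    """Collect form targets, sensitive inputs and image hosts from HTML."""
    def __init__(self):
        super().__init__()
        self.forms, self.image_hosts, self.current = [], set(), None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.current = {"action": a.get("action", ""), "fields": []}
            self.forms.append(self.current)
        elif tag == "input" and self.current is not None:
            name = a.get("name", "").lower()
            if a.get("type", "").lower() == "password" or any(h in name for h in NAME_HINTS):
                self.current["fields"].append(name or "password")
        elif tag == "img":
            self.image_hosts.add(urlparse(a.get("src", "")).hostname or "")

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

def in_domain(host, domain):
    # Exact match or true subdomain; "paypal.com.evil.example" does not pass.
    return host == domain or host.endswith("." + domain)

def audit_attachment(html, brand_domain):
    """Return one finding per form that sends sensitive fields off-brand."""
    parser = FormAudit()
    parser.feed(html)
    brand_images = any(in_domain(h, brand_domain) for h in parser.image_hosts)
    findings = []
    for form in parser.forms:
        host = urlparse(form["action"]).hostname  # None for empty/relative actions
        if form["fields"] and host and not in_domain(host, brand_domain):
            findings.append({"post_host": host, "fields": form["fields"],
                             "brand_images": brand_images})
    return findings

# Constructed sample; collector.example is a placeholder, not the real URL.
SAMPLE = """<img src="https://www.paypal.com/logo.gif">
<form action="http://collector.example/save.php" id="main" method="POST" name="main">
<input name="login_email"><input type="password" name="login_password"><input name="card_number"></form>"""
```

Calling `audit_attachment(SAMPLE, "paypal.com")` returns one finding for `collector.example`. A form with an empty or relative action is skipped, so a cleansed copy like the tag shown above produces no finding.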

