This email is crafty since the message is email header (see bad email header here) is composed well, the reply is back to PayPal, etc. Moreover, all the image sources are from PayPal, but the real threat comes from the attached document which it asks you to fill out.
This email will try to steal your identity on PayPal and also has a browser jack file payload. It's fairly rudimentary form and obvious, but the best deception are the most seemingly obvious. The browser jack file payload, is not obvious at all however and is a huge compromise, a top tier anti-virus program should detect like Kaspersky.
The email subject line;
"Your PayPal Confirmation Alert ✓"
The email reads, but the give away this is misspelling of Thank you.
|
||||
Dear Customer,
This is an automatic message by the system to let you know that you have to confirm your account information within 48 hours.
Your account has been frozen temporarily in order to protect it.
The account will continue to be frozen until it is approved and validate your account information.
This will help protect you in the future. The process does not take more than 3 minutes.
To proceed to confirm your account information please follow the instructions that will be required
Tank You,
PayPal |
||||
The attached document is name PayPal-Alert.htm and contains a form to direct all your personal information to be sent to this URL address...
The attached document cleansed pre-view
| PayPal ID and Password |
Enter your primary email address as your Paypal ID. |
| Please enter your information. |
| Mailing Address |
Please enter your mailing address. |
| Profile of credit card |
| |
Action > Report the Phishing URL to Google Plex now, click this link
No comments:
Post a Comment