While spearphishing attacks have been grabbing most of the headlines lately, AppRiver researcher Troy Gill said the PayPal scam is instead casting a wide net to obtain sensitive data from as many people as possible.
The supposed PayPal email informs the victim their account has been placed on a ‘limited’ status with no activity allowed until certain information is confirmed. The email has an HTML attachment that directs the recipient to a page where the personal data can be input, to include name, address, mothers maiden name, payment card information, Social Security number and phone number.
Gill said the HTML page is a dead giveaway, but an unknowledgeable person might not realize PayPal would simply direct someone to their account page.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now