The scam was reported by Malwarebytes Labs, and the attack uses PayPal logo and the sender’s address appears to be service@paypal.com. An order number is referenced and the message claims that the would-be victim needs to click a link in order to verify the transaction.
However, the order number is fake, and the button that claims to take customers to the PayPal website actually redirects victims to epauypal.com. Once there, visitors will see forms that look fairly convincing. They ask for the kind of personal data that identity thieves are after: name, date of birth, address, mothers maiden name, and a credit card number.
Alarmingly is the fact that the site has a valid SSL certificate, so the lock icon in the user’s browser will go green to mark it “safe”. Still, according to Forbes, observant PayPal users should note a few glaring mistakes. There is the header bar, which is missing a link for help. There is no alarm bell for notifications or a gear icon that you can click to update your account settings. Victims also do not have to log in to get to these forms, which should set off alarm bells.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now