Uncategorized on 31 Oct 2008
PayPal’s 10th Year Anniversary Phished
As PayPal celebrates its 10th anniversary this year, the Trend Micro Content Security Team also discovered a phishing website that uses the occasion to lure users into it’s trap. This fraudulent site informs online visitors that PayPal is throwing a party to celebrate the anniversary, supposedly as a way of letting it’s customers know how much PayPal appreciates their support.
The website looks very much like a typical PayPal page:
Figure 1.Screenshot of the phishing page.
It informs recipients that they are invited to the party, where there will be “plenty of fun, food, free flow drinks, music and dance” - and also some cash prizes as well. Like typical invitations, the page asks users to RSVP. To do this however, they must fill out a form first, and there phishers are able to steal user information.
Users who visit this site are asked for their first and last names, telephone number, country of residence, and most importantly, their PayPal email address. The page also has a non-mandatory eBay ID box. Filling out the form compromises victims accounts because phishers may then be able to access these themselves.
PayPal phishing continues to be a threat to Web users, as seen in these examples:
The phishing URL is now blocked by the Trend Micro Smart internet security protection Network. The technology prevents users from even accessing the page, keeping their PayPal and also eBay accounts safe from phishers.
