Pay-Me-Pal Strikes Anew

March 3rd, 2008 by Keanu Beltran (Threats Analyst)

Phishing activities on online payment service PayPal continues today as Trend Micro received reports of a new spammed email. Below is a screenshot of the said phishing email:

It appears to be similar to previous phishing email messages that ask unsuspecting users to confirm their account by entering personal information such as the bank name, ATM PIN code, mother’s maiden name, birth date, and social security number. Nothing fancy, but it seems to continue to work for cyber criminals bent on stealing personal information for profit.

Clicking on the URL provided in the email takes a user to a spoofed PayPal Web site. The victim is then asked to enter his/her PayPal user name and password:

Note that the spoofed Web page does not check for the authenticity of the user and/or the password. The user is then directed to the following Web page where personal information is furnished:

It is evident that remote malicious users are only interested in capturing the user data for a smooth and well-executed identity theft.

When the unknowing user clicks on the link Why is this information requested?, the following pop-up window is displayed:

Note that the message implies that the information will be used to identify and locate the user’s PayPal records. As if the user name is not enough?

While this phishing Web site does not check the authenticity of the PayPal account, they do check for valid credit card information as shown below:

This phishing Web site has been up since 23 February 2008 and is still live as of this writing. Trend Micro users, however, are already protected from this phishing attempt with its Web Blocking and Web Reputation services.

Keanu Beltran, TrendLabs North America