2010 opens with a phishing
surprise for PayPal users. The mechanism behind it is simple and it aims two
targets in one go: PayPal account and credit card information.
First comes the fake official
PayPal e-mail, which urges users to confirm their e-mail address and credit card
information as part of a supposedly “innovative” means of monitoring “inactive
customers” and “non- functioning e-mail boxes”.
As usual, social engineering
ingredients come in handy in this kind of messages. In this case, there are two
elements which emphasize the urgency of the matter: a restriction and removal
warning and a clear deadline, January 12.
If the reference to credit card
information in this context does not ring an alarm bell, gullible users will
take the second step of the furtive procedure and they will log in to their
PayPal accounts. And that’s a first strike, as the user name and password are
typed on a fake PayPal page.
The third and final step takes
users to a page where they are supposed to fill in various personal
information, all in the name of standard security maintenance procedures: name,
address, credit card number and the like. If the request to provide the credit
card’s ATM PIN, strategically placed last, does not raise any suspicion, the
deal is sealed.
Once again, standard preventive measures will keep PayPal
users safe from harm:
tags
Ioana Jelea has a disturbing (according to friendly reports) penchant for the dirty tricks of online socialization and for the pathologically mesmerizing news trivia.
View all postsNovember 14, 2024
September 06, 2024