OpenDNS Security Labs found an elaborate phishing campaign targeting users of the popular online payments processor PayPal, involving several fake websites set up with the intent to steal information.
The hackers behind the phishing scam set up imitation websites on Jan. 22 and Jan. 25 designed to fool users into handing over their login credentials. Chances are you’ve seen at least one PayPal phishing attempt come across your inbox – or hopefully your spam filter – but as OpenDNS explains, the attacks are getting more sophisticated all the time.
[Screenshots: the fake site compared with the real site]
The fake sites used domains that look similar to PayPal.com. A few of them: x-paypal.com, securitycheck-paypal.com, paypalinspection.com, and area-paypai.es.
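The listed domains follow two patterns: the brand name embedded in a longer label, and a one-character misspelling ("paypai"). The sketch below is an added example, not OpenDNS's detection logic, showing how a mail or proxy filter could flag both; the `classify` function, its category names, and the single-entry allow-list are assumptions made for illustration.

```python
import re

BRAND = "paypal"
# Assumption: only this registrable domain (and its subdomains) counts as genuine.
LEGIT = {"paypal.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def classify(domain, brand=BRAND):
    """Return 'legitimate', 'brand-embedded', 'near-miss' or 'unrelated'."""
    d = domain.lower().rstrip(".")
    if d in LEGIT or any(d.endswith("." + g) for g in LEGIT):
        return "legitimate"
    # Inspect every label except the last one (treated here as the TLD).
    for label in d.split(".")[:-1]:
        if brand in label:
            return "brand-embedded"       # e.g. securitycheck-paypal.com
        for token in re.split(r"[-_]", label):
            if token and edit_distance(token, brand) == 1:
                return "near-miss"        # e.g. paypai, one character off
    return "unrelated"

if __name__ == "__main__":
    # The four lookalike domains named in the article, plus two controls.
    samples = ["x-paypal.com", "securitycheck-paypal.com",
               "paypalinspection.com", "area-paypai.es",
               "www.paypal.com", "example.org"]
    for s in samples:
        print(f"{s:28} {classify(s)}")
```

A check like this only covers the two patterns seen in this campaign; it does not replace the blocklisting and takedown steps described in the article.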
Beyond just imitating the design and name of PayPal’s website, the hackers actually copied HTML code directly from the legitimate website in order to make a convincing presentation.
OpenDNS says it has reported the fraud to PayPal, and PayPal’s fraud and abuse department is working to take down the fake sites. OpenDNS has also blocked access to those domains for those who use its service to resolve domain names.
While the attempts made by these phishers are quite convincing, there’s still an iron-clad method to avoid falling prey to an email that might direct you to such a site. If you do get an email from PayPal about your account, instead of clicking on the embedded link in the email, open a new browser tab and type in paypal.com to know you’re going directly to the source.