A new phishing campaign has been identified that targets PayPal users with fraudulent text messages. The exploit attempts to steal a variety of sensitive user details, in addition to their PayPal credentials.
The phishing campaign begins with an SMS message stating that the user’s PayPal account has been partially suspended due to suspicious activity. The user is then asked to click on a link that will enable them to verify their account.
In what has become an increasingly common phishing tactic, the link actually leads to a fake login page that allows the attacker to steal the entered login credentials. The phishing page then asks for further details, including names, addresses, and bank details, which the attacker could use for further fraudulent activity.
- See our roundup of the best payment gateways
- Check out our roundup of the best e-commerce platforms
- And here's our list of the best e-commerce hosting providers
What to do next
If an individual does click on the link in the SMS phishing message and hands over information relating to their PayPal account, it is important that they quickly change the password associated with that account. If they use the same password across other platforms, then it is essential that these too are changed as a matter of urgency.
In addition, individuals that have found themselves targeted by successful phishing campaigns often start noticing follow-up attacks that might leverage some of the information previously acquired. Victims should remain extra vigilant and may want to keep a closer eye on their bank transactions to check for fraudulent activity – particularly if financial information has been unwittingly divulged.
Although phishing campaigns are more commonly associated with email messages, texts are also a popular avenue for gaining sensitive information. Individuals should scrutinize any message that they receive, whatever the medium, particularly when it asks them to enter personal data.
- Also, see our list of the best shopping cart software around