A nasty new PayPal phishing campaign is doing the rounds

(Image credit: PayPal)

A new phishing campaign has been identified that targets PayPal users with fraudulent text messages. The exploit attempts to steal a variety of sensitive user details, in addition to their PayPal credentials.

The phishing campaign begins with an SMS message stating that the user’s PayPal account has been partially suspended due to suspicious activity. The user is then asked to click on a link that will enable them to verify their account.

In what has become an increasingly common phishing tactic, the link actually leads to a fake login page that allows the attacker to steal the entered login credentials. The phishing page then asks for further details, including names, addresses, and bank details, which the attacker could use for further fraudulent activity.

What to do next

If an individual does click on the link in the SMS phishing message and hands over information relating to their PayPal account, it is important that they quickly change the password associated with that account. If they use the same password across other platforms, then it is essential that these too are changed as a matter of urgency.

In addition, individuals that have found themselves targeted by successful phishing campaigns often start noticing follow-up attacks that might leverage some of the information previously acquired. Victims should remain extra vigilant and may want to keep a closer eye on their bank transactions to check for fraudulent activity – particularly if financial information has been unwittingly divulged.

Although phishing campaigns are more commonly associated with email messages, texts are also a popular avenue for gaining sensitive information. Individuals should scrutinize any message that they receive, whatever the medium, particularly when it asks them to enter personal data.

Via Bleeping Computer

Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.