Security researchers have identified a a new phishing campaign that abuses legitimate services such as GoDaddy (opens in new tab) and Glitch to scam victims out of their PayPal credentials.
First, the attackers created a fake PayPal website that looks strikingly similar to the authentic page. They used Glitch, a low-code software used to quickly create a website and “launch it on a secure URL in under a minute”, Armorblox explained.
- Here’s our list of the best email services (opens in new tab) right now
- We’ve built a list of the best email hosting providers (opens in new tab) on the market
- Check out our list of the best antivirus (opens in new tab) available
Then, they used GoDaddy to obtain a secureserver.net domain, from which they are distributing a fraudulent email (opens in new tab) message to their victims. The email itself is designed to look identical to legitimate communications from PayPal.
Despite typos and other inconsistencies across the email, the researchers say it "bears enough surface-level similarity to a real PayPal email to pass the eye tests of unsuspecting victims".
The contents of the email are that of a typical phishing attempt: the scammers warn the victim that their PayPal profile is incomplete, and expired card details may be the culprit. The email claims the person will lose access to their account unless they update their details.
The victim is prompted to click on a malicious link, where their phone number, email address and PayPal password are harvested.
Defend against phishing
Although phishing campaigns such as this are relatively common, they are still an effective means of laying the groundwork for account takeover and other types of attack.
This particular phishing campaign is likely to hook both consumers and small to medium-sized businesses (SMBs), many of which regularly use PayPal’s services.
The best way to shield against phishing is to train employees on the dangers of social engineering, to educate them not to click on links in emails or download attachments from unverified sources, and to enable two-factor authentication.
- Here's our rundown of the best malware removal (opens in new tab) solutions on the market now