Watch out - that PayPal email could be a phishing attack


PayPal is the world’s most popular payment system - for threat actors trying to trick people into giving away their login credentials, new research has claimed.

Analyzing phishing campaigns taking place throughout 2021, Atlas VPN researchers found that almost two in five (37.8%) of all financial phishing attacks impersonated PayPal.

The premise is simple - the threat actors set up a landing page that looks almost identical to the PayPal login page, and create an email that mimics the look and feel of a newsletter, notification email, or warning from the company.


Amazon and Apple in the crosshairs

That email will always hold a link, inviting the victim to log in with their credentials and sort out whatever troubles await. That link, however, instead of taking the victim to the actual PayPal login page, leads them to the fake landing page where, if they’re gullible, they’ll give away their passwords to the attackers.

Besides PayPal, cybercriminals also love impersonating Mastercard. As the second most-abused financial payment brand, Mastercard was impersonated in 12.2% of phishing instances. The goal, in these attacks, is to obtain credit card information.

With a 10% share, American Express took the third spot.

“To avoid getting tricked by a phishing attack targeting payment systems, users should keep in mind several things,” says Atlas VPN cybersecurity writer Vilius Kardelis. 

“Websites impersonating popular brands will always have suspicious domain links, which can help to recognize whether the page is legit easily. Also, emails from scammers might contain grammatical errors, so keep an eye out for that.”

Payment services aside, threat actors also love to impersonate ecommerce brands, with Apple and Amazon being the most abused brands. Almost half of all phishing attacks that used an ecommerce brand (48.78%) chose Apple, while Amazon was used in 21.48% of cases. 

With a 5.32% share, eBay takes the third spot, followed by Alibaba with 4.14%.

Sead Fadilpašić
