Skip to content ↓ | Skip to navigation ↓

Security researchers have spotted a new PayPal phishing email scam that tries to steal a victim’s Social Security Number (SSN), among other sensitive data.

The attack email informed a victim that their PayPal account was locked, and it instructed them to click a “Secure and update my account now !” button. Doing so directed a user to a bit.ly link pointing to a redirection mechanism, which sent them to a phishing website.

The first page on the site asked the user to provide their PayPal credentials. After receiving those details, the scam instructed them to confirm their billing details including their address and phone number. Next, it moved on to requesting a user’s payment card details.

It’s at that point when the campaign went for broke and attempted to gain as much as possible from the user. It did this by asking that the user provide their birth date, Social Security Number and card PIN.

A screenshot of the phishing page designed to steal a user’s birth date, SSN and card PIN. (Source: SANS ISC)

The scam wanted one more piece of information at that point. As SANS Internet Storm Center (ISC) Handler Jan Kopriva noted in a post:

They didn’t stop even there however, and on the last page asked the user to upload a photo of a valid ID or credit card. What might be a bit unfortunate from the standpoint of a potential victim is that after the user uploads a file, the page is refreshed but no confirmation is displayed. This means that a less vigilant user might upload multiple photos of documents while thinking that their previous attempts were invalid for some reason.

Kopriva reported the scam to PayPal but noted that it could take some time for the service to take it down.

News of this scam follows less than two months after researchers spotted a PayPal ruse using a valid SSL certificate to steal a victim’s bank account credentials, payment card details and email login data.