Summer Phishing in the PayPal

In the spam and phishing industry there are several brands
that never get old, outdated or unprofitable. As we already showed in our
latest E-Threats Landscape Report, and judging by the most recent phishing
scheme, PayPal™ is still one of the top ten most spoofed identities.

In the current case, the unsolicited message, allegedly sent
on behalf of the PayPal™ Team, warns potential customers that their data has
been altered due to unauthorized access. Hence, the e-crooks ask the on-line
payment users to log into their accounts and verify the possibly compromised
information by visiting the page provided in a hyperlink.

PayPal phishing

The link does not lead to the service portal, but to a Web
page that employs several visual identification components of the original Web
site, namely the logo, layout and general formatting elements.

Paypal phishing

This is the starting point of a cascading theft. First, the
scoundrels go for the login credentials (e-mail address and PayPal™ password),
which they steal via the file.php script.

Then, on a second page, they go for detailed personal
information, including full name, address, birth date, mother's maiden
name and SSN, but also e-mail address and phone number.

But the swindle doesn't stop here. Scammers also want to get
complete card details, including number, expiration date, Card Verification
Code, issuing bank, card type, and even PIN. Most intriguing, the data is
pilfered (via the file2.php script) not just for a single card but for two,
as you can see in the image below.

PayPal Phishing 3

A few interesting details: even though all the other menu options
are available on both pages, clicking any of them merely reloads the page.
Moreover, one can easily see that the Web page address mimicking the genuine
Web site loads from a domain registered in Lithuania (.lt instead of .com).

Also, there are none of the specific security elements one would
expect to find on an e-payment site, namely SSL (Secure Sockets
Layer) encryption or security authentication methods (no "https" prefix and locked
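As an added illustration (not part of the original post), the two indicators noted above, a brand name in a hostname whose registrable domain is not the brand's own, and a plain-http scheme, can be turned into a simple URL triage check. The sample URLs and the example.lt hostname are constructed placeholders, and the registrable-domain logic assumes a two-label suffix, so it does not handle suffixes such as co.uk.

```python
from urllib.parse import urlsplit

# Legitimate registrable domain(s) for the brand being impersonated.
BRAND_DOMAINS = {"paypal.com"}
BRAND_KEYWORD = "paypal"

# Constructed sample URLs (placeholders, not real phishing sites).
SAMPLE_URLS = [
    "https://www.paypal.com/cgi-bin/webscr",
    "http://www.paypal.com.example.lt/file.php",
    "http://www.paypal.com.example.lt/file2.php",
]


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname.

    Simplifying assumption: no public-suffix list is consulted, so
    multi-label suffixes (e.g. co.uk) are not handled correctly.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def phishing_indicators(url: str) -> list:
    """Return the list of indicator names triggered by a URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    # Indicator 1: the page is served without TLS (no "https" prefix).
    if parts.scheme != "https":
        findings.append("no-https")
    # Indicator 2: the brand name appears in the hostname, but the
    # registrable domain is not the brand's (e.g. paypal.com.<foreign>.lt).
    if BRAND_KEYWORD in host and registrable_domain(host) not in BRAND_DOMAINS:
        findings.append("brand-in-host-foreign-domain")
    return findings


def is_suspicious(url: str) -> bool:
    return bool(phishing_indicators(url))


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(u, "->", phishing_indicators(u) or "clean")
```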

Curiosity stirred me to click the "Why is ATM PIN
required?" link. The explanation displayed in the pop-up window is one of the
most hilarious I've ever read: "Requiring PIN Signatures is the latest security
measure against: identity theft, credit card fraud and unauthorized account
access". See the whole thing below.

PayPal phishing 4

About the author


With a humanities passion and background (BA and MA in Comparative Literature at the Faculty of Letters, University of Bucharest) - complemented by an avid interest for the IT world and its stunning evolution, I joined in the autumn of 2003 the chief editors' team from Niculescu Publishing House, as IT&C Chief Editor, where (among many other things) I coordinated the Romanian version of the well-known SAMS Teach Yourself in 24 Hours series. In 2005 I accepted two new challenges and became Junior Lecturer at the Faculty of Letters (to quote U2 - "A Sort of Homecoming") and Lead Technical Writer at BluePhoenix Solutions.

After leaving BluePhoenix in 2008, I rediscovered "all that technical jazz" with the E-Threat Analysis and Communication Team at BitDefender, the creator of one of the industry's fastest and most effective lines of internationally certified security software. Here I produce a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases. Every now and then, I enjoy scrutinizing the convolutions of e-criminals' "not-so-beautiful mind" and, in counterpart, the new defensive trends throughout posts on

Balancing the keen and until late in the night (please read "early morning") reading (fiction and comparative literature studies mostly) with Internet "addiction", the genuine zeal for my bright and fervid students with the craze for the latest discoveries in science and technology, I also enjoy taking not very usual pictures (I'm not a pro, but if you want to see the world through my lenses, here are some samples), messing around with DTP programs to put out some nifty book layouts and wacky t-shirts, roaming the world (I can hardly wait to come back to the Big Apple), and last but not least, driving my small Korean car through the intricacies of our metropolis's traffic.