SMS Phishing Campaign Targets PayPal Users With Fake Alerts

  • A new smishing campaign sends fake “account limited” warnings to users of PayPal.
  • The recipients are urged to click on the included URL, which takes them to a phishing site.
  • The site is no longer online, but the actors may very easily register a new domain and continue.

There’s a new phishing campaign targeting PayPal users, and its orchestrators are using SMS instead of email to spread their fake alerts, a technique known as smishing. The goal of the campaign is to steal PayPal account credentials, and the bait is a warning about your account dropping to a “limited” status. Supposedly, the SMS recipient needs to verify their account to lift the temporary restrictions. Otherwise, they won’t be able to withdraw, send, or even receive any money via the popular online payments platform.

The SMS contains a URL that the recipient is urged to click, and the next stop is a phishing site that features a well-crafted login page. The domain that was used initially is “pyplvryzs[.]com,” which is obviously not part of the official PayPal domain space.

Still, people in a panic may just skip all sanity checks and proceed anyway. The domain has been reported, so internet security solutions will display a warning when the user attempts to visit it, and it’s now offline. Of course, the actors may very easily update their SMS content to point to a new domain.

Source: Bleeping Computer

Apart from the credentials, the actors are also asking the user to enter their full name, date of birth, address, zip code, country, etc. This is done in a second step, so even if the victim realizes the scam at this point, the credentials that were provided previously will already have been sent to the actors’ server.

If the additional details are entered, the actors will get everything they need to perform full-blown identity theft attacks, gain access to additional accounts, or set up more targeted phishing attacks in the future.


If you have fallen victim to this trickery, go to immediately and change your password. Also, do the same on other online platforms where you may be using the same password. If you haven’t enabled 2FA on PayPal yet, do it now.

As always, when you receive an email or SMS claiming anything about your accounts, instead of clicking on embedded buttons or URLs contained in the message body, visit the official website directly, log in, and check for any messages or pending issues that request your attention.
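The domain sanity check described above can be automated on a message filter or mail/SMS gateway. The following is an added example, not code from the original article: it pulls the link out of a message, tests the host against an allowlist by exact or dot-suffix match, and flags hosts that imitate the brand, so it keeps working when the actors switch to a new domain. The allowlist (only paypal.com is assumed), the function names, and the sample SMS wording and URL path are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the allowlist of official registrable domains (only paypal.com here).
OFFICIAL_DOMAINS = {"paypal.com"}
BRAND = "paypal"

URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def refang(text):
    """Undo the '[.]' defanging used in reports so hosts can be parsed."""
    return text.replace("[.]", ".")

def extract_hosts(sms):
    """Return the lowercase hostnames of every URL-like token in the message."""
    hosts = []
    for match in URL_RE.finditer(refang(sms)):
        url = match.group(0)
        if "://" not in url:
            url = "http://" + url          # urlsplit needs a scheme to find the host
        host = urlsplit(url).hostname
        if host:
            hosts.append(host.lower().rstrip("."))
    return hosts

def skeleton(s):
    """Drop vowels, digits and punctuation: 'paypal' -> 'pypl'."""
    return re.sub(r"[aeiou\W\d_]", "", s.lower())

def classify(host):
    # Exact or dot-suffix match only; a substring test would accept
    # hosts such as paypal.com.account-check.example.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Heuristic: the brand's consonant skeleton inside a non-official host.
    if skeleton(BRAND) in skeleton(host):
        return "brand-lookalike"
    return "unrelated"

def check_sms(sms):
    return [(host, classify(host)) for host in extract_hosts(sms)]

# Constructed sample message; only the defanged domain comes from the article.
SAMPLE_SMS = ("PayPal: Your account is limited. "
              "Verify now: https://pyplvryzs[.]com/verify")

if __name__ == "__main__":
    for host, verdict in check_sms(SAMPLE_SMS):
        print(host, verdict)
```

The skeleton match is a heuristic and can produce false positives, so a "brand-lookalike" verdict is best treated as a reason to warn or hold the message rather than as proof.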
