OpenDNS Intercepts Fresh PayPal Phishing Scam
OpenDNS Security Labs discovered one extensive phishing scam aimed at people using PayPal the well-known facilitator of Internet-based payments, a news that itbusiness.ca published February 11, 2015.
According to OpenDNS, the scam, which began 26th January 2015, along with the phishing site impersonating PayPal's login section continues to be prevalent.
Like always, probable victims are enticed towards accessing fraudulent web-pages looking like PayPal with phishing electronic mails masquerading as PayPal and often asserting about an issue with the end-users' A/Cs, while allegedly providing a web-link for reaching it.
If users click the web-link, they're led via several pages crafted for extorting the maximum possible financial and other personal data from them.
Several domains host the phishing site as they include 'paypal' inside their domain-names thus producing x-paypal[.]com, security-paypal-center[.]com, redirectly-paypal[.]com, among others. The domains' hostings are from different providers.
A few among the said PayPal-spoofed websites can hardly be distinguished from the real website since the identical else near-identical color scheme, text and images are used in them.
And aside simply copying PayPal website's name and design, the hackers in reality took copy of the HTML code straight off the real site for putting forth a persuasive display.
According to OpenDNS, it has informed PayPal about the scam so the 'fraud-and-abuse' wing of PayPal has started work for terminating those spurious websites.
Certain easy-to-understand recommendations follow from the security company such as being watchful about signs so one doesn't become victimized with the above kind of assault, like checking if the website uses HTTPS as well as one genuine SSL Certificate belong to the company visited. Each-and-every phishing website that OpenDNS detected delivered its content via HTTP that's extremely unusual with money-transfer websites.
More signs for noticing are layout presentations that vary from the actual website. There could be evidences in the phishing electronic mail pertaining to its genuineness, like in case the message's wordings are odd alternatively directly instruct the user for providing his password then it would prove it's a phishing e-mail. An increasingly savvy end-user may examine an e-mail's caption, tracking the path for figuring out whether it's impersonating some other entity, concludes OpenDNS.