Hackers Use PayPal To Go Phishing

A new strain of yet another ransomware campaign has been discovered in which the malicious actors have expanded payment options beyond Bitcoin; they are instead offering alternatives (such as PayPal) that include a phishing link, according to MalwareHunterTeam.

Attackers are stealing a page from Daedalus and are killing two birds with one stone by including a link to make a payment. To obtain the decryption key, victims can follow the link to the PayPal phishing page, where their login credentials are stolen. The combination of two threat vectors makes this attack particularly dangerous for unsuspecting victims.

The new attack method combines “a ransom notes that direct victims to a PayPal phishing page...Clicking on the Buy Now button, it directs to the credit card part of the phish already (so the login part is skipped). After filling & clicking Agree comes the personal info part & then finished,” the team tweeted. Once that payment is processed, the victim receives a confirmation.

For victims who pay with Bitcoin, the threat actors also requested that victims send an email with a reference number, which is provided in the ransom.

“Malicious actors are continually becoming more sophisticated. With this particular campaign involving phishing as an immediate follow-up threat vector to the ransomware, this attack has the potential to cause significant harm,” said DomainTools’ senior security adviser, Corin Imai.

“Not only will victims be dealing with the impact of ransomware, but many will also be directed to a carefully crafted phishing site that will attempt to steal their credentials. 

“As seen in past attacks, ransomware campaigns have targeted individuals with the threat of releasing compromising content or rendering their computers useless, leaving victims feeling that they have no choice but to pay up. 

“The best advice in this scenario is to be hyper-vigilant, double-check URLs, and when in doubt, don’t click.”

Infosecurity:

You Might Also Read:

Cybercrime Gangs Continue To Innovate:

« Cyber Criminals Are Aiming At Business
Geo-Political Tensions Are Fuelling Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Zadara Storage

Zadara Storage

Zadara provide complete data backup and protection delivered as a fully-managed service.

Devo Technology

Devo Technology

Devo Security Operations is a next-gen cloud SIEM that enables you to gain complete visibility, reduce noise, and focus on the threats that matter most to the business.

BCS Financial

BCS Financial

BCS Financial delivers financial and insurance solutions. Specialty risk products include Cyber and Privacy Liability insurance.

Cloudmark

Cloudmark

Cloudmark is a trusted leader in intelligent threat protection against known and future attacks, safeguarding 12 percent of the world’s inboxes from wide-scale and targeted email threats.

ISMS Accreditation Center (ISMS-AC)

ISMS Accreditation Center (ISMS-AC)

ISMS-AC is the national accreditation body for Japan. The directory of members provides details of organisations offering certification services for ISO 27001.

Accel

Accel

Accel is a leading venture capital firm that invests in people and their companies from the earliest days through all phases of private company growth. Areas of focus include cybersecurity.

In-Sec-M

In-Sec-M

In-Sec-M is a non-profit organization that brings together companies, learning and research institutions, and government actors to increase competitiveness of the Canadian cybersecurity industry.

Unit21

Unit21

Unit21 helps protect businesses against adversaries through a simple API and dashboard for detecting and managing money laundering, fraud, and other sophisticated risks across multiple industries.

Tuta

Tuta

Tuta (formerly Tutanota) is an all-in-one email, calendar and contacts app which protects your data with full end-to-end encryption and it requires zero personal information.

Softwerx

Softwerx

Softwerx is the UK’s leading Microsoft cloud security practice. We’ve been helping forward-thinking companies better secure their businesses for nearly twenty years.

Maintel

Maintel

Maintel provides cloud and managed communications services. We help our customers to deliver exceptional customer experiences, and to securely access their applications and their data.

Ultima

Ultima

Ultima are on a mission to help businesses unlock their true potential by using the right IT to protect your company’s revenue and reputation – 24/7.

Certera

Certera

Certera is a modern and affordable SSL Certificate, Code Signing Certificate, and Cyber Security Services provider.

Mobilen Communications

Mobilen Communications

Mobilen are dedicated to providing our customers with the highest level of secure data in transit and to bring privacy back to a mobile world.

CSIRT-Gnd

CSIRT-Gnd

CSIRT-Gnd provides 24x7 Computer Security Incident Response Services to citizens, companies and government agencies in Grenada.

Xiphera

Xiphera

Xiphera designs and implements proven cryptographic security for embedded systems.