Advanced phishing tactics used to steal PayPal credentials
Posted June 14, 2016 by Pieter Arntz
Phishers are back to using an old tactic in a new fashion to get hold of their victims’ credentials.
One of the first lessons you will learn during anti-phishing training is to hover over the links in an email to see whether they point to the site you would expect. Although this is good advice, it is NOT a guarantee that you are going to be safe.
Always visit sites directly, never follow the URLs presented to you in emails or attachments.
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
What does this phish do?
In this case, the phish was pointing to PayPal, and the phishing page is www[dot]egypt-trips[dot]co, which appears to be an unused WordPress site. (We have informed the registrant of the phish, so we hope they will take appropriate measures.)
While giving the site owner some time to clean up his site, users of Malwarebytes Anti-Malware Premium will find that the phishing page is blocked if they have Malicious Website Protection enabled.
The original blogpost about this particular phish, including screenshots and code snippets, can be found here: Very unusual PayPal phishing attack