Security News > 2022 > July > PayPal-themed phishing kit allows complete identity theft

By misusing the PayPal logo and general design, the phishing kit leads users through a set of pages and forms aimed at collecting information that can later be used to steal the victims' identity and perform money laundering, open cryptocurrency accounts, make fraudulent tax return claims, and much more.

The attackers using the kit are targeting legitimate WordPress sites.

"One of the unique aspects of this phishing kit is its attempts to directly evade security companies by providing multiple different checks on the connecting IP address to ensure that it doesn't match specific domains or originate from security organizations," researchers Larry Cashdollar and Aline Eliovich shared.

The author of the kit has also used htaccess to rewrite the URLs, so that the phishing pages don't have the telltale.

To increase the credibility of the phishing pages, the kit maker exploits the fact that it has become normal for brands and companies nowadays to enforce different security measures.

"Looking at this kit from an outsider's perspective, it may seem obvious that it isn't legitimate. If you have been on PayPal's site any time recently, you would know this isn't a real page: PayPal links to both credit cards and banking information directly, allows a one-time password for login, and would never ask for your ATM PIN. However, the social engineering element here is what makes this kit successful," the researchers concluded.

News URL

https://www.helpnetsecurity.com/2022/07/14/paypal-themed-phishing-kit/