Researchers Uncovered PayPal Phishing Sites

Researchers Uncovered PayPal Phishing Sites

Researchers at OpenDNS Security Labs have uncovered several PayPal phishing sites that is being used in an active phishing campaign. They have found several phishing websites, most of them are the exact copy of legit PayPal site and one site is a spoofed apple ID verification page.


The fraudulent sites uses image, text and colour scheme of the legit website, making it virtually indistinguishable from the legitimate PayPal site. Fake sites are : redirectly-paypal[.]com, security-paypal-center[.]com, x-paypal[.]com, securitycheck-paypal[.]com, paypalinspection[.]com, area-paypai[.]es and many more.

paypal fake webpage

Attackers sends a phishing email to the victim with a link to redirectly-paypal.com. When the user clicks on the link, it redirects the user to another fake website security-paypal-center.com. The website then prompts user to login the phishing site with a paypal username and password.

paypal fake webpage 2

Then the webpage redirects  the user to another fake page that states, "A suspicious activity has been detected on the account". Then the website prompts the user to verify the account by entering name, address, telephone number, social security number, credit card number, PIN, CCV and  a valid government issued ID into the webpage. After the user submits all the information, the webpage redirects the user to the legitimate PayPal home page.

These phishing attacks are easy to avoid, simply look at the URL of the webpage.

Share this article to your friends and let them know about these active phishing campaign attacks.

No comments

Powered by Blogger.