PayPal Users Target of Angler Phishing Attack
Posted by: Timothy Weaver on 09/01/2016 12:14 PM
[
Comments
]
Paypal users are being targeted by a new Angler Phishing attack that aims to steal their credentials.
Angler has surface in early 2016 and is similar to the normal phishing attack except that it is using Twitter as a staging arena.
"In an angler phishing attack, a fake customer-support account promises to help customers, but instead attempts to steal credentials," according to Proofpoint.
This attack originates from two fake Twitter accounts. The hackers are monitoring the real PayPal Twitter site in order to sweep up unsuspecting victims. When victims receive a reply from the phony PayPal Twitter accounts, they're fooled again as the reply has the PayPal logo emboldened as an account image, and the handle seems official, except it amends the word “Ask” at the beginning of the handle.
Of course when the victim enters their user credentials, the hackers can then access their account and drain it.
“This type of attack is similar to phishing emails that are often purportedly sent by email carriers...to customers who are using their email service," said Shirley Inscoe, a senior analyst at Aite Group. "A consumer receives an email which looks legitimate..stating they have violated the terms of their email account, and it will be shut down in a number of days. If the consumer feels there is an error, they can click on the link in the email to appeal suspension of their email privileges. Of course, clicking on the link helps the fraudsters gain access to their email credentials and other information they can use to impersonate the consumer."
"This type of scam will continue to grow in popularity so fraudsters can use their email accounts to contact other individuals in the consumer's email network and to communicate with companies they deal with regularly.”
Proofpoint reported that PayPal is aware of this scam and is working with Twitter to resolve it.
Source: SCMagazine
Angler has surface in early 2016 and is similar to the normal phishing attack except that it is using Twitter as a staging arena."In an angler phishing attack, a fake customer-support account promises to help customers, but instead attempts to steal credentials," according to Proofpoint.
This attack originates from two fake Twitter accounts. The hackers are monitoring the real PayPal Twitter site in order to sweep up unsuspecting victims. When victims receive a reply from the phony PayPal Twitter accounts, they're fooled again as the reply has the PayPal logo emboldened as an account image, and the handle seems official, except it amends the word “Ask” at the beginning of the handle.
Of course when the victim enters their user credentials, the hackers can then access their account and drain it.
“This type of attack is similar to phishing emails that are often purportedly sent by email carriers...to customers who are using their email service," said Shirley Inscoe, a senior analyst at Aite Group. "A consumer receives an email which looks legitimate..stating they have violated the terms of their email account, and it will be shut down in a number of days. If the consumer feels there is an error, they can click on the link in the email to appeal suspension of their email privileges. Of course, clicking on the link helps the fraudsters gain access to their email credentials and other information they can use to impersonate the consumer."
"This type of scam will continue to grow in popularity so fraudsters can use their email accounts to contact other individuals in the consumer's email network and to communicate with companies they deal with regularly.”
Proofpoint reported that PayPal is aware of this scam and is working with Twitter to resolve it.
Source: SCMagazine
Comments
