November 16, 2010, 6:00 PM — With Black Friday quickly approaching, and retailers racing to outdo each other with earlier and earlier deals, it is safe to say that the holiday shopping season has begun. If you're shopping online, though, and paying with PayPal--be warned. There is a phishing attack targeted just for you.
The holidays come with a dramatic spike in shopping, and nobody appreciates the increase in online commerce more than cyber criminals. While you're preparing for a Thanksgiving celebration of beer and watching the Detroit Lions make a mockery of professional football...Hey, don't judge. You try supporting a team that has been consistently sad for 60 years and see if you aren't a little bitter. Fine. While you're preparing for a traditional Thanksgiving feast and plotting your Black Friday shopping strategy, malware developers are hard at work finding ways to capitalize on the shopping season.
PayPal is established as a leading method of online payments. It is an integral part of eBay purchasing--a very popular way to acquire gifts during the holiday season, and it is widely accepted as a method of payment by online retailers of all sorts. It makes sense that cyber criminals would try to capitalize on the spike in PayPal transactions to catch naïve or unsuspecting users off guard.
AppRiver's Troy Gill has uncovered just such a scam. "Since so many people use PayPal in conjunction with the impending holiday shopping spree, scammers are looking to take full advantage of unwary consumers. The latest PayPal related scam targets PayPal users via email. Unlike most of the PayPal scams that we have seen in the past that included a link in the body of the message, these have an attached HTML. When the attachment is clicked a Java Script will produce a Phishing page that mimics a legitimate PayPal page. The input information is then sent off to another domain that will make it available for the cybercriminals."
As Gill notes, this attack attempts to dupe victims by using an attachment as opposed to a link. Granted, users should be conditioned to avoid both links and file attachments in suspicious or questionable e-mails, but just switching things up from the normal malicious URL might be enough to snare some unwary users.