Skip to main content

PayPal users fall victim to phishing attack

PayPal customers have fallen victim to a phishing scam that has emanated from Hungary and is one of the more genuine looking phishing attempts in recent times.

The phishing email makes the erroneous claim that the recipient has sent a payment of £47.00 to JD Sports Ltd and encourages them to click to “view the details of this transaction online”.

Upon clicking the link it takes the user to a page that appears almost identical to the PayPal site. That is until the website user glances at the address bar and notices the URL, which is actually one stolen from a Hungarian site that specialises in dog protection suits that was recently hacked.

Graham Cluley, an independent computer security analyst, explains on his blog that the site’s servers have been hacked into and that whoever is behind it has “planted a bogus PayPal home page”. He explained that the site isn’t doing enough to protect against this type of hacking and as such was always going to be vulnerable to an attack of this ilk.

Phishing has been a problem for money handling services for some time with hackers always on the look out to compromise customer security when it comes to banking.

Another element of phishing is occurring on social networks with Kaspersky Lab’s David Emm arguing earlier this year that the likes of Facebook and Twitter are a breeding ground for phishing. Attacks have risen so quickly over the past 12 months that there are now around 3,000 users being attacked per day – three times the number during 2011-2012.

This was before the Syrian Electronic Army [SEA] had its Twitter account suspended after it revealed some success in its attempts to hack the White House Twitter account back in July. The SEA obtained information using phishing emails that it sent to White House staffers and shows just how powerful phishing can be as a hacking method.