PayPal Users Beware of Phishing Scams

The latest PayPal related scam targets PayPal users via email. Unlike most of the PayPal scams that we have seen in the past that included a link in the body of the message, these have an attached HTML. When the attachment is clicked a Java Script will produce a Phishing page that mimics a legitimate PayPal page. The input information is then sent off to another domain that will make it available for the cybercriminals.
This attack attempts to dupe victims by using an attachment as opposed to a link. Granted, users should be conditioned to avoid both links and file attachments in suspicious or questionable e-mails, but just switching things up from the normal malicious URL might be enough to snare some unwary users.
Once the attackers have the PayPal credentials entered on the spoofed PayPal page, they can transfer the funds out of the PayPal account, make purchases using the money in the PayPal account, request funds to be sent to the PayPal account, or anything else the legitimate account holder is normally able to do with a PayPal account.
Most avid PayPal customers hopefully know better than to fall for such a thing, but with Christmas and the spike in online shopping comes a deluge of newbies who know enough to use PayPal to make purchases, but aren't seasoned in how to protect it.
During the next few months you should be aware that you will be a broader target for scammers looking to take advantage of your increased purchasing activity. Since most people will be making a far greater number of purchases on their credit cards around Christmas they would be less likely to notice fraudulent activity on their cards.
Just remember the mantra that common sense and cautious skepticism will prevent almost all attacks.

So kept an watchful eye and enjoy a safe Christmas shopping spree..