Apr 05 2012

Warning of emails phishing PayPal

Published by at 8:07 pm under Security Research

Recently, a number of users have received emails with content: “Please Update your PayPal information “. At first glance, the email seems to be an official email from PayPal. The email informs that Paypal has applied some new security measures, and requires users to update more information to secure their account.

 The content of phishing email

When users click the link to update their account’s information, instead of accessing PayPal update website, they will be directed to the phishing website with the link to log-in as follow:

http://soulstructures.com/includes/update/info/info.updates.com.cgi.bin.webscr.jps.confirmation.12e3sdds559005.updates.12400058732.login.php40058.servhp.us.juqss/secure.login/

Website phishing Paypal

After users fill all personal information and click to continue,the scammercan have all their accounts’ information.

What should you do if you have provided your account’s information:

1. If you have sent information of your credit card, immediately contact PayPal in order to secure your account. Please remember that you need to directly contact PayPal, do not contact through email which you received; or call to PayPal custommer sevice department for the best support.

2. Change passwords of all your online accountsimmediately. Many people usually use the same password for many different accounts. It should be started with passwords of the accounts which related to credit card or your profile. If you suspect that someone accessed your email account, immediately change password. Check your credit expenditure statement, require your issuing servicecompanies and banks to provide monthly expenditure statisticsand inform suspicious spendings, requests or activites which you did not request.

3. You must ensure that you are using the latest updated security product, such as anti-spam, anti-phishing email services, spam filter in web browser and other services to help warning and protecting you from the risk of phishing attacks.

4. Finally, stay caution when receiving strange emails, specially emails which require to provide account’s information, and make sure that the senders and links in email will redirect you to the link of the service provider.

 

Tong Van Toan

Security Researcher

 

No responses yet

Trackback URI | Comments RSS

Leave a Reply

*