Phishing scam of sensitive credentials operated via PayPal online chat service

August 6, 2021
PayPal chat service credential phishing scam fraud

There has been an unusual operation of a credential phishing scam using the Paypal online chat service identified by cybersecurity analysts recently. 

To start, a phishing scam is a method where cyber criminals acquire highly sensitive credentials or information such as finance-related data, passwords, usernames, one-time passwords from users or target victims. This technique also includes how attackers identify themselves as legitimate organizations and deceive their prey into giving up and disclosing private information. Furthermore, all the confidential data that has been successfully acquired by these attackers could be used for identity theft, financial theft, or even to obtain illegal access towards the victims’ accounts to steal, operate on incessantly, or even blackmail them. 


PayPal Credential Phishing Technique 

It can be easy to be deceived and overlook some strategies performed by phishers to steal sensitive credentials from their victims due to its usual subtle URL links that can be believed legitimate. 

Some emails may use techniques such as rushing the target victim into resolving a made-up problem quickly by clicking the attached suspicious links. Although some attackers can also fail by not giving any effort to “mask” their email addresses properly – which led a threat analyst, Alex Geoghagan, to easily identify if an email is a phishing scam. 

Yet, many people could still fall prey to these schemes because emails were written very well and links that seemed appropriate as though they actually came from a legitimate service or entity. 


How Does It Work? 

The usual method used by the threat actor is by using automated scripts to begin a conversation with their target once the phishing scam live chat that masquerades as PayPal is accessed. Then, the attacker will technically try to acquire the victim’s personal data such as addresses, phone numbers, and the likes. Therefore, gathering the information from the victim is the threat actor’s way of expressing legitimacy and will further use them for authentication. 

Moving forward to the communication with the victim, the threat actor will then try to acquire the victims’ PayPal credentials. Then ask for the verification code sent via text message to the victim’s mobile number to ensure that the person who has ownership of the device is the exact person they are targeting. 

To conclude, for a person to completely avoid or prevent various types of phishing strategies, one must fully recognize if communication is an actual phishing attack. Also, it can be helpful to attain awareness training and acquire a strong defense of cybersecurity solutions available. From there, full and assured protection against these kinds of cyber attacks or phishing scams can be prevented. 

About the author

Leave a Reply