A new phishing campaign targeting PayPal users with fraudulent text messages has been identified. The exploit attempts to steal a variety of sensitive user details, in addition to their PayPal credentials. The phishing campaign begins with an SMS message stating that the user's PayPal account has been partially suspended due to suspicious activity. The user is then invited to click on a link that will allow them to verify their account. In what has become an increasingly common phishing tactic, the link actually leads to a fake login page that allows the attacker to steal the login information entered. The phishing page then asks for additional details, including names, addresses, and bank details, which the attacker could use for other fraudulent activities.
What to do next
If someone clicks the link in the phishing SMS message and submits information related to your PayPal account, it's important that they promptly change the password associated with that account. If they use the same password on other platforms, it is essential that these too be changed urgently. Additionally, people who have been affected by successful phishing campaigns often begin to notice follow-up attacks that could exploit some of the previously acquired information. Victims need to remain extremely vigilant and may wish to monitor their banking transactions more closely for fraudulent activity, especially if financial information has been inadvertently disclosed. While phishing campaigns are most often associated with email messages, text messages are also a popular means of obtaining sensitive information. People should analyze any message they receive, regardless of the medium, especially when they are asked to enter personal data. Through a computer on hold