A well crafted e-mail purportedly coming from the “PayPal Review Department” has been hitting inboxes lately. In it, potential victims are notified that due to some unusual account activity, a restriction was placed on their account.
To lift that restriction, they are asked to provide additional information by downloading the attached .html page, open in in their browsers and fill out the presented form:
What makes this phishing scheme stand out from the various ones attempted before is the attention to detail that the attackers have shown. The generated page looks exactly like PayPal’s legitimate one, and when the form is filled out and sent, the information is forwarded to http://paypal.com.security.update.attachment.?????.com/verification.php, and the victim is redirected to the legitimate paypal.com site.
And it’s not only that the e-mail and the fake page are well made, but the script behind the page is, too. Inserting random credit card numbers to try to trick it to send fake information to the destination page will not work. “I had to write a fake credit card number starting with “4″ followed by 16 numbers to show that it is a Visa credit card,” says Sorin Mustaca, Avira’s Data Security Expert.