Switch_board.jpg

BTA Blog

PayPal Phishing Scam That Tries To Obtain Selfie

paypal it company london managed service provider.jpgBTA would like to warn customers of an unusually authentic-looking phishing scam that attempts to obtain a photo of the target holding a bank card and photo ID in order to launder stolen funds.

PayPal often will ask users for additional proofs of identity, such as a photo of themselves taken from a mobile device or a photo ID. The phishing scam appears to exploit this fact to obtain identification materials that we believe may be intended to help them launder money.

What to watch out for

Like other phishing scams, this one begins with an authentic-looking email bearing the PayPal logo and address. It informs users their account has been suspended and asks them to click on a link to start an identity verification procedure. The email contains odd grammatical uses and spelling errors, but otherwise appears genuine. And the phishing website to which the user is directed also appears unusually authentic, compared to those we have seen previously.

After asking for your account information, name, address and credit card details, the site moves on to the unusual step of asking you to submit a “selfie” holding a photo ID and payment card.

A professional job

Following the photo upload you are redirected to the authentic PayPal site, none the wiser your identity information has been stolen. The data collected is sent to a Yandex email address tied to a Skype account under the name “Nazat Jou” of “Manzac, France”. We suspect the photo is needed to create cryptocurrency accounts to launder stolen money.

Alarmingly, according to PhishMe, the underlying code of the website shows an unusual level of professionalism. This is no doubt not the last time we will see such a sophisticated phishing attempt.  Hackers are getting incredibly good at creating realistic emails and websites.

What to do

As always, be wary of emails containing suspicious links or attachments, but particularly those that appear to be from PayPal asking to validate information. Go to PayPal’s website directly. Do not follow any links received by email in general, especially when the email is asking to verify account or personal information.

For a free security consultation or information on BTA’s IT security services, please click here:  Free Consultation

 


 

About BTA

BTA is one of the leading IT support companies in London, providing comprehensive out-sourced IT support to businesses looking for a competitive edge through technology.  BTA can help your company navigate the changes that lie ahead with regards to business technology, cyber security, cloud solutions, data storage and more. As one of the most established IT support companies in the UK, BTA offers strategic insight and IT consultancy your business can trust. Email enquiries@bta.com for more info or call 020 8875 7676.

 

Related posts

PayPal Phishing Scam That Tries To Obtain Selfie
Should Your Business Introduce Wearable Tech?
How to Spot a Fake App
Banks: Too big to…. go to the Cloud?
Microsoft Beat Salesforce in Battle for LinkedIn
Peter Filitz

Peter is BTA's Sales Manager (who would prefer all meetings to be on the golf course).