BTA would like to warn customers of an unusually authentic-looking phishing scam that attempts to obtain a photo of the target holding a bank card and photo ID in order to launder stolen funds.
PayPal will often ask users for additional proof of identity, such as a photo of themselves taken from a mobile device or a photo ID. The phishing scam appears to exploit this fact to obtain identification materials that we believe may be intended to help the scammers launder money.
What to watch out for
Like other phishing scams, this one begins with an authentic-looking email bearing the PayPal logo and address. It informs users that their account has been suspended and asks them to click on a link to start an identity verification procedure. The email contains odd grammar and spelling errors, but otherwise appears genuine. The phishing website to which the user is directed also appears unusually authentic compared to those we have seen previously.
After asking for your account information, name, address and credit card details, the site moves on to the unusual step of asking you to submit a “selfie” holding a photo ID and payment card.
A professional job
Following the photo upload, you are redirected to the authentic PayPal site, none the wiser that your identity information has been stolen. The data collected is sent to a Yandex email address tied to a Skype account under the name “Nazat Jou” of “Manzac, France”. We suspect the photo is needed to create cryptocurrency accounts to launder stolen money.
Alarmingly, according to PhishMe, the underlying code of the website shows an unusual level of professionalism. This is unlikely to be the last time we see such a sophisticated phishing attempt. Hackers are getting incredibly good at creating realistic emails and websites.
What to do
As always, be wary of emails containing suspicious links or attachments, particularly those that appear to be from PayPal and ask you to validate information. Go to PayPal’s website directly. In general, do not follow links received by email, especially when the email asks you to verify account or personal information.