The scam starts with a text warning victims of suspicious activity on their accounts
A new SMS-based phishing campaign is doing the rounds that attempts to part PayPal users from their account credentials and sensitive information, BleepingComputer reports. The ploy consists of SMS text messages that impersonate the popular payment processor and inform potential victims that their accounts have been “permanently limited” and that they need to click on the link to verify their identity.
The fake alert and login page (source: BleepingComputer)
Now, at first glance the message may not seem all that suspicious since PayPal may, in fact, impose limits on sending and withdrawing money. The payment provider usually does so when it suspects that an account has been accessed by a third party without authorization, when it has detected high-risk activities on an account, or when a user has violated its Acceptable Use Policy.
However, in this case it really is a case of SMS-borne phishing, also known as smishing. If you click on the link, you will be redirected to a login phishing page that will request your access credentials. Should you proceed to “log in”, your credentials will be sent to the scammers behind the ruse and the fraudulent webpage will attempt to gather further information, including the full name, date of birth address, and bank details.
Impersonating the popular payment processor isn’t a novel tactic; after all, paypal users targeted phishing campaign
