Recently, a new phishing kit has been discovered attacking PayPal users to steal their confidential data which includes user’s government identification documents and photos.
Phishing kits are simple tools that quickly creates fake websites to steal the victim’s personal data. Accordingly, hackers uses these phishing kits to hack the confidential data from their victims. Some kits also includes tools like sending out fraud e-mails, a control panel and dictionaries to locate the cyberattacks.
Consequently, the kit is been hosted on the hacked WordPress websites which allows the kit to avoid the system recognition. However, the security experts at internet technology company Akamai found the phishing kit after the hackers hosted it on their WordPress website.
The kit presents a CAPTCHA challenge to the users and asks them to log into their PayPal account using their email ID and password. The threat actor also asks for more verification information from the users. Afterwards, the victim is asked to give the host their personal and financial details, including debit card details, with the card verification code, address, social security number and others. This doesnot stops here. The fraudulents also asks victims to link their email account to PayPal which gives the hacker to access the contents of the provided email address.
