Twitter users should beware of a phishing scam that impersonates an official PayPal account. It uses fake accounts to try to trick users into giving up their logins. The fake accounts are named AskPayPal or AskPayPal_Tech, and their Twitter pages look so genuine that users who are waiting for a response from PayPal become easy prey.
Twitter users beware
Proofpoint researchers exposed this “angler” phishing attack, in which fake tech support accounts watch for Twitter messages from users who are expecting a reply from @PayPal. The phishers then step in, claiming to be the official support, explains Techradar.
This so-called “angler” phishing attack tricks users by employing the official PayPal logo and a link to a login screen that looks very official, which is where the actual phishing takes place. After the fake account has contacted the user, the password is stolen as soon as the user enters it on that page.
Twitter and PayPal have come together to sort the problem out. These fake Twitter accounts have grammatical errors and can be easily caught if closely observed. Moreover, the accounts are generally only a month old, which is enough to arouse suspicion, notes Techradar.
According to Proofpoint, even though PayPal and Twitter have come together to address the scam, considering how quickly and easily Twitter accounts can be created, it will be a tough nut to crack.
Playing on expectations
There is nothing new in phishing scams that use fake login pages. Fooling customers by sending a link that seems legitimate is an old trick, and this new “angler” phishing scam is no doubt good at it. What makes the attack most insidious is that it targets people who are already in touch with PayPal’s customer service.
The expectation of a reply from PayPal customer service could easily lead you into the trap if things are not closely observed on the Twitter handle.
“This recent scam exemplifies the many angler-phishing attacks that we have been seeing. Recent research from the Anti-Phishing Working Group (APWG) reports that over 75% of attacks are targeted at financial service and ecommerce organizations, and Proofpoint’s own research on angler-phishing confirms this,” says Proofpoint.
Until a permanent solution is found, users are cautioned to be doubly sure before clicking on any link that asks for passwords, and to always look for a secured HTTPS connection before signing in to anything related to online banking.
“Vigilant social media monitoring and account discovery exercises are effective measures for detecting and preventing social media angler phishing attacks,” Proofpoint advises users.
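The account discovery exercise Proofpoint mentions can be sketched as a small triage script that combines two signals the article names: a brand name in an unofficial handle, and an account that is only about a month old. This is an added example, not code from Proofpoint or the article; the look-alike character map, the 31-day threshold, and the sample accounts and dates are constructed assumptions.

```python
import re
from datetime import date

OFFICIAL = {"paypal"}         # @PayPal is the handle the article names as genuine
BRAND = "paypal"
MAX_NEW_ACCOUNT_DAYS = 31     # assumption: "only a month old" read as <= 31 days
# Assumed digit-for-letter substitutions seen in look-alike handles.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s"})

def normalize(handle):
    """Lower-case, undo look-alike digits, drop separators and other noise."""
    h = handle.lstrip("@").lower().translate(LOOKALIKES)
    return re.sub(r"[^a-z]", "", h)

def triage(handle, created, today):
    """Return a verdict for one account: official, high, review or ignore."""
    if handle.lstrip("@").lower() in OFFICIAL:
        return {"handle": handle, "verdict": "official", "reasons": []}
    reasons = []
    if BRAND in normalize(handle):
        reasons.append("brand name in unofficial handle")
        age = (today - created).days
        if age <= MAX_NEW_ACCOUNT_DAYS:
            reasons.append(f"account is {age} days old")
    verdict = {0: "ignore", 1: "review"}.get(len(reasons), "high")
    return {"handle": handle, "verdict": verdict, "reasons": reasons}

def scan(accounts, today):
    """Triage every (handle, created) pair and keep the ones needing attention."""
    results = [triage(h, c, today) for h, c in accounts]
    return [r for r in results if r["verdict"] in ("review", "high")]

# Constructed sample data: handles from the article plus invented ones and dates.
SAMPLE = [
    ("@PayPal", date(2009, 1, 1)),
    ("@AskPayPal", date(2016, 9, 25)),
    ("@AskPayPal_Tech", date(2016, 9, 20)),
    ("@PayPa1_Help", date(2015, 3, 1)),
    ("@weather_bot", date(2016, 10, 1)),
]
TODAY = date(2016, 10, 10)    # constructed "today" for the sample

if __name__ == "__main__":
    for hit in scan(SAMPLE, TODAY):
        print(hit["verdict"], hit["handle"], "; ".join(hit["reasons"]))
```

A "review" verdict still warrants a manual look, since an older impersonation account is no more trustworthy than a new one.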