Twitter users must beware of a phishing scam that looks like an official PayPal account. It uses fake accounts to try to trick users into giving up their logins. The fake accounts are named AskPayPal or AskPayPal_Tech, and their Twitter pages look so genuine that users who are waiting for a response from PayPal become easy prey.
Twitter users beware
Proofpoint researchers exposed this “angler” phishing attack, in which fake tech support accounts watch for Twitter messages from users who are expecting a reply from @PayPal. The phishers then step in, claiming to be the official support, explains Techradar.
The attack tricks users by employing the official PayPal logo and a link to a login screen that seems very official and is where the actual phishing takes place. The fake account contacts the user, and the page captures the password once the user enters it.
Twitter and PayPal have come together to sort the problem out. These fake Twitter accounts have grammatical errors and can be easily caught if closely observed. Moreover, the accounts are generally only a month old, which is enough to arouse suspicion, notes Techradar.
According to Proofpoint, even though PayPal and Twitter have come together to address the scam, considering how quickly and easily Twitter accounts can be created, it will be a tough nut to crack.
Playing on expectations
There is nothing new in these types of phishing scams which use fake login pages. It’s an old trick of hackers to fool customers by sending a link that seems to be legit, and this new “angler” phishing scam no doubt is good at this. Targeting people who are already in touch with PayPal’s customer service is the most notorious part of this attack.
The expectation of a reply from PayPal customer service could easily lead you into the trap if things are not closely observed on the Twitter handle.
“This recent scam exemplifies the many angler-phishing attacks that we have been seeing. Recent research from the Anti-Phishing Working Group (APWG) reports that over 75% of attacks are targeted at financial service and ecommerce organizations, and Proofpoint’s own research on angler-phishing confirms this,” says Proofpoint.
Until a permanent solution is discovered, users are cautioned to be doubly sure before clicking on any link asking for passwords and to always look for a secured HTTPS connection before signing in to anything related to online banking.
“Vigilant social media monitoring and account discovery exercises are effective measures for detecting and preventing social media angler phishing attacks,” Proofpoint advises users.
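The account discovery exercise mentioned above can be automated along these lines. This is an added example, not code from Proofpoint, PayPal or the original article: it flags handles that embed the brand name without being the official handle and ranks recently created ones highest. The allowlist, support-word list, 45-day threshold, digit map and sample records are assumptions constructed for illustration.

```python
from datetime import date

BRAND = "paypal"
OFFICIAL_HANDLES = {"paypal"}   # assumption: the article names only @PayPal as official
SUPPORT_WORDS = ("ask", "help", "support", "tech", "care")  # assumed support-desk cues
NEW_ACCOUNT_DAYS = 45           # assumption: "about a month old", with some slack
LOOKALIKES = str.maketrans("0135", "oles")  # illustrative digit-for-letter swaps


def normalize(handle):
    """Lowercase, drop '@' and separators, undo common digit substitutions."""
    h = handle.lstrip("@").lower().translate(LOOKALIKES)
    return "".join(ch for ch in h if ch.isalnum())


def assess(handle, created, today):
    """Score one account; 0 means it is official or does not use the brand."""
    raw, norm = handle.lstrip("@").lower(), normalize(handle)
    if raw in OFFICIAL_HANDLES or BRAND not in norm:
        return 0, []
    score, reasons = 1, ["handle embeds brand name"]
    if BRAND not in raw:
        score, reasons = score + 1, reasons + ["brand hidden by digits/separators"]
    if any(w in norm.replace(BRAND, "") for w in SUPPORT_WORDS):
        score, reasons = score + 1, reasons + ["poses as a support desk"]
    if (today - created).days <= NEW_ACCOUNT_DAYS:
        score, reasons = score + 2, reasons + ["recently created account"]
    return score, reasons


def triage(accounts, today):
    """Return (handle, score, reasons) for candidates, highest score first."""
    hits = [(h, *assess(h, c, today)) for h, c in accounts]
    return sorted((x for x in hits if x[1] > 0), key=lambda x: -x[1])


# Constructed sample records (handle, creation date); not real account data.
TODAY = date(2024, 1, 31)
SAMPLE = [
    ("@PayPal", date(2010, 1, 1)),
    ("@AskPayPal_Tech", date(2024, 1, 11)),
    ("@AskPayPal", date(2024, 1, 1)),
    ("@PayPa1_Help", date(2022, 12, 27)),
    ("@coffee_fan", date(2024, 1, 21)),
]

if __name__ == "__main__":
    for handle, score, reasons in triage(SAMPLE, TODAY):
        print(f"{handle:18} score={score}  {'; '.join(reasons)}")
```

A high score marks an account for human review and reporting to the platform; it is a triage signal, not proof of impersonation.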