Cyber Headline, February 24, 2017 - Attackers running phishing campaign to PayPal users with fake pages that are well designed and difficult to distinguish from the real PayPal page. Hackers were even able to bypass your two factor authentication immediately by accessing the compromised email accounts, and by giving you fake websites and email messages were meant to trick users to steal username, password, and other personal information.
The phishing emails were sent users urging user to log into their account in fact takes the victim with a fake login page. To give a sense of urgency, the page claims that the user won’t be able to access the PayPal account until the requested information is provided. The page, however, contains more clues that something isn’t right, as it even asks for the user’s Social Security Number, which applies to US citizens only, but also asks which country the victim is from.
“If you’re concerned about PayPal security, you should log directly into PayPal.com itself and update your security settings, and if you know someone who has fallen victim, the first step should be to change their PayPal password before more damage occurs,” ESET notes.
In order to be on the safe side of this attack you should avoid opening attachments or clicks on any link you may have received in your inbox, making sure when you login to your PayPal account the website should be http://www.paypal.com or https://www.paypal.com .