IT Brief New Zealand - Technology news for CIOs & IT decision-makers
New Zealand
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
internet of things
#
work from home
Search
Story image
#
Cloud Services
#
Commerce Systems
#
Cybersecurity
Akamai research finds PayPal security measures utilised in new phishing scam
Mon, 18th Jul 2022
FYI, this story is more than a year old
Author image
By Mitchell Hageman, Managing Editor
Follow us

New research from Akamai has found that a new threat actor is parasitising benign WordPress sites to execute an extensive PayPal phishing scam.

According to the Akamai blog, the scam injects a discreet phishing kit into existing, non-malicious WordPress sites as a way of maintaining evasion. It then gains extensive access to a victim's identity and information by mimicking new security practices.

Common bogus prompts require users to submit government documents and photographs, in addition to their banking information and email passwords. This can lead to substantial identity theft issues and further extensive loss of financial and data security. The scam also attempts to gain trust by claiming there is unusual activity, tricking users into going through with the security checkpoints.

A unique aspect of the phishing kit is that it attempts to directly evade security companies by providing multiple different checks on the connecting IP address to ensure that it doesn't match specific domains or originate from security organisations.

The threat actor behind the site uses a file management plugin to upload the phishing kit, allowing for further exploitation of the WordPress site.

They use htaccess to rewrite the URLs to not have .php at the end of the URL. This gives the phishing page a more polished and professional look.

This new scam is only a small part of a significantly wider problem. Identity theft has so far affected 42 million people in 2021, with total losses equalling USD$52 billion and this new threat being one of many currently circulating.

“People judge brands and companies on their security measures these days. Not only is it commonplace to verify your identity in a multitude of ways, but it's also an expectation when logging in to sites with ultrasensitive information, such as financial or healthcare companies,” states the blog.

“By using captcha immediately, telling the victim that there has been unusual account activity, and reinforcing “trust” by utilising “new security measures” like proof of government identification, they are making the victim feel as if they are in a legitimate scenario. The same methods that can ensure an identity is secure can ultimately lead to total identity theft — not just credit card numbers, but cryptocurrency accounts and anything else the threat actor wants to obtain.

Akamai recommends that users continue to be aware of scams and threats relating to breached security as the landscape continues to evolve. They say that phishing honeypots are becoming increasingly more common and are a much better way for threat actors to deceive vulnerable users than typical email phishing scams.

“There have been several innovations in the way phishing looks and feels to make them seem more legitimate than the classic Nigerian Prince scam,” the blog states.

Related stories
Global Processing boosts efficiency with New Relic AI platform
Adobe reveals new AI-powered mobile app, Adobe Express
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption
SAS expands managed services portfolio to Amazon Web Services
Business leaders anxious over data security – report
Top stories
Intel reshuffles Asia Pacific leadership to boost business growth
Coalition integrates cyber risk platform with top cloud services providers
Sapia Labs presents 'revolutionary' AI research at SIOP conference
Armis warns of major cyber-attack risk to 2024 global elections
Scality & Ingram Micro partner for market distribution of ARTESCA