1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Hacked WordPress sites are being boosted with PayPal phishing kit

    From TechnologyDaily@1337:1/100 to All on Fri Jul 15 17:00:04 2022
    Hacked WordPress sites are being boosted with PayPal phishing kit

    Date:
    Fri, 15 Jul 2022 15:57:06 +0000

    Description:
    Hacked WordPress sites are being subjected to sophisticated PayPal-like scams asking for financial information, ID, and more.

    FULL STORY ======================================================================

    Researchers at Akamai have discovered a new and sophisticated phishing scam targeting over 400 million potential PayPal customers.

    Akamai staff found out about the scam after finding it embedded inside their own WordPress site , and countless other genuine WordPress sites are thought to have been hacked, too.

    Most at risk are poorly secured websites with easy-to-guess passwords and no additional authentication or verification set up. PayPal scams

    The scam begins with a CAPTCHA popup, helping it to lie mostly undetected. Users proceed to log into their PayPal accounts, before confirming payment details including their address, mothers maiden name and social security number.

    Users are then implied a false sense of security as the scam enables them to link their email address to the account, but all this does is give the scammers access to individuals mailboxes. Identity theft scamming

    The final step in supposedly securing the PayPal account is to upload an identification document - including passports, driving licenses, and national identification cards - which could go on to serve a whole number of potentially illegal purposes. Read more

    We've looked at the best WordPress hosting providers



    That PayPal alert email could just be a phishing scheme



    Thousands of WordPress sites force updated to fix dangerous security flaw

    In its a release , Akamai said: Uploading government documents and taking a selfie to verify them is a bigger ballgame for a victim than just losing credit card information it could be used to create cryptocurrency trading accounts under the victims name. These could then be used to launder money, evade taxes, or provide anonymity for other cybercrimes.

    The page layout mimics closely what users will already be accustomed with by piggybacking off PayPals color palette and design interface. Furthermore, it seems that htaccess was used to rewrite the URL, thus eliminating the PHP
    file extension, helping to present a less suspicious web address.

    In general, Internet users are advised either to verify that the URL matches the companys own address or to re-access the page from a search engine, in order to make sure that they are not part of a scam. Check out the best identity theft protection tools



    ======================================================================
    Link to news story: https://www.techradar.com/news/hacked-wordpress-sites-are-being-boosted-with-p aypal-phishing-kit/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)