It will begin by asking for an email and address, then a phone number and finally – which is of most concern – credit card information.
An alleged verification code is then sent to the mobile number the PayPal user provided and the threat actor may even attempt to call the targeted victim.
But this is all part of a complex phishing attempt designed to steal sensitive information from a victim.
Speaking about the threat, Cofense said: “This attack demonstrates the complexity of phishing attacks that go beyond the typical ‘Forms’ page or spoofed login. In this case, a carefully crafted email appears to be legitimate until a recipient dives into the headers and links, which is something your average user will most likely not do.”
Thankfully, though, there are a number of red flags that PayPal users can look out for when checking whether a message or website is authentic.