Over 18,000 PayPal Phishing Websites Identified in December 2012

Status
Not open for further replies.

McLovin

Level 78
Thread author
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,228
Phishing websites, ones created by cybercriminals to harvest sensitive information from unsuspecting users, have become highly problematic lately. Because they’re so effective, crooks have launched a considerable number of sites that replicate popular companies.

Over-18-000-PayPal-Phishing-Websites-Identified-in-December-2012-2.jpg


For instance, according to a study performed by Trend Micro for December 2012, a total of 18,947 phishing websites have been found to replicate PayPal.

While some of the fake sites are merely designed to trick users into logging in and handing over their usernames and passwords to the phishers, others are created to serve pieces of malware capable of harvesting sensitive information from the computers they infect.

One particular piece of malware, TROJ_QHOST.EQ, has already infected the devices of internauts from Taiwan, Thailand and the United States.

Besides PayPal phishing sites, researchers have also discovered 2,000 bogus Wells Fargo websites, around 1,600 Visa and Citibank websites, and 1,477 Bank of America sites.

Several fake Citibank websites have been found to use the BlackHole exploit kit to push the Cridex worm, a malicious element that specializes in stealing online banking credentials. In December 2012, WORM_CRIDEX.CTS infected around 277 systems, most of which belonged to users from the US.

The sites of banks and payment processors aren’t the only ones targeted by phishers. Cybercriminals have also launched AOL, Yahoo, Hotmail and Gmail phishing websites.

Interestingly, when it comes to online shopping, auction and deal of the day sites, the most popular appears to be China-based Taobao (1,691), followed by eBay, Amazon, Alibaba and Littlewoods.

Trend Micro has recorded a considerable increase in the number of phishing attacks leveraging the names of Danish e-payment company Nets Group, and real estate firm Remax.

Experts advise users who access their accounts from their mobile phones to be extra cautious. In many cases, since they can’t see the complete URL of a website, they can be easily tricked into thinking that they’re on the genuine site (see screenshot).

Source
 

Exterminator

Level 85
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
I wonder how anyone would fall for that screenshot{if it is an actual phishing site}.Paypal is great but you must be educated and careful not to fall for any of these.I have had my Sprint account attacked as well as Paypal.However Paypal immediately noticed something fishy and contacted me to change my password.As for Sprint they only caught it after someone tried to buy 4 high end phones on my account. I always change my Paypal account Password every so often.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top