skip to Main Content
+44 (0) 1628 308038

Another Active PayPal Phishing Scam Targets SSNs, Passport Photos


A recently uncovered phishing campaign, targeting PayPal users, pulls out all the stops and asks victims for the complete spectrum of personal data – even going so far as to ask for social security numbers and uploaded photos of their passports.

The campaign starts with a fairly run-of-the-mill phishing email, purporting to be from the online payment company’s notifications centre, which warns victims that their account has been limited because it was logged into from a new browser or device. The email recipient must verify his or her identity by clicking on a button, which is a address that then redirects the browser to an attacker-owned landing page, which asks for a complete rundown of personal data.

The ongoing campaign showcases “the current ‘let’s take all that we can get’ mentality of the attackers quite well,” Jan Kopriva, with the Computer Security Incident Response team at information tech company ALEF NULA, said in a Monday SANS ISC InfoSec Forum post. “Over the years, phishing authors seem to have learned that once they hook a phish, they should try to get all the information they can from them. This is the reason why many current campaigns don’t stop after getting the usual credit card information, but go further.”

Like other phishing campaigns, this particular scam comes with some major red flags. While the initial email sender shows up under the name “Support,” a closer look at the email address shows it is from service53659(at), rather than a legitimate PayPal email address. Some parts of the phishing email make strange use of exclamation points – For instance, the top of the email says “PayPal Notifications Center !” and the phishing link button reads, “Secure and update my account now !”

Also, while the landing page pretends to be a legitimate PayPal login screen with the PayPal brand at the top, the phishing page (https://www[.]leemou[.]com/files/selector/) is clearly not a PayPal domain.

However, if victims are gullible enough to enter their credentials, a general information gathering form is then displayed.  The landing page at first asks for the victims’ billing information and credit card details, but later takes the campaign a step further and asks victims to fill in a social security number and card PIN number.

If they manage to collect that information, attackers take the scam to the next level, on the last page asking victims to upload photos of their valid government issued photo ID, passport, driving license or credit card.

New-school security awareness training can teach your employees to be suspicious any time they’re asked to enter sensitive information, even if the source appears legitimate.

With thanks to the Cyber Defence Alliance and The full story is here:

Request Your Security Awareness Training Demo


New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilise users as your last line of defence.

Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser:

Close search


Back To Top