New PayPal Scam Wants a Selfie

June 29, 2017

As if there aren’t enough PayPal phishing scams already, there is another one that is gaining in popularity. This one implements a technique that has been seen before in a banking Trojan called Acecard. However, while it certainly is after PayPal login credentials, that is probably not all. As part of the verification process for the fake PayPal authentication, it also requires a selfie. But they don’t want a photo of the victims out on the town or with their favorite celebrities.

In this latest version of constantly evolving PayPal scams, websites are set up using legitimate secure certificates (SSL certificates). These are reasonably simple to get these days, so scammers are taking advantage of that. After all, we are more likely to trust a site if it has that padlock or “https:” indicator on it, right?

For this one, users get directed to a site that looks so similar to the legitimate PayPal site that it’s nearly impossible to tell that it isn’t. Then users are asked for login credentials. A new page appears and additional verification of identity is required. This means entering more details and, in one case, a personal address, payment card information and a selfie holding the target’s identification card.

As far as analysts can tell, the information requested is not stored on any servers once it’s submitted. However, it does get emailed to an account on the Russian service Yandex.

It isn’t clear what the criminals intend to do with this information. However, some experts believe it will be used to create accounts on various cryptocurrency exchanges. This link could have been made because those exchanges often also require additional identity verification using selfies with accompanying ID cards. These exchanges can then be used to “launder” money using the stolen identities.

Whatever these selfies will be used for, you can be sure that authorities will be doing their best to track it down.

© Copyright 2017 Stickley on Security