PayPal Phishing – HTML Attachment
Got a another phishing email today. The email came to an email I have registered to a PayPal account so it instantly caught my eye. I logged into my PayPal account using the correct URL, all is well. So this is obviously another phishing attempt, but not the typical kind.
Typical message content, but they usually give you a (fraudulent) link to follow. Not this time, they attach an HTML file which will open in any browser. I opened the file in a safe environment, all looks very convincing.
Now, not only would PayPal never ask you to reactivate your account in this manner, they would never ask for your credit card & personal details.
When you click the Submit button it will send all the details you entered to this script.
hxxp://202.181.105.217/~info/AccountVerification/cf.php
Which displays this output.
So in conclusion, if you ever are worried your PayPal account has been accessed by a third party and needs reactivating, phone them.
Leave a Reply