PayPal Phishing – HTML Attachment

Got a another phishing email today. The email came to an email I have registered to a PayPal account so it instantly caught my eye. I logged into my PayPal account using the correct URL, all is well. So this is obviously another phishing attempt, but not the typical kind.

Image

Typical message content, but they usually give you a (fraudulent) link to follow. Not this time, they attach an HTML file which will open in any browser. I opened the file in a safe environment, all looks very convincing.

Image

Now, not only would PayPal never ask you to reactivate your account in this manner, they would never ask for your credit card & personal details.

Image

When you click the Submit button it will send all the details you entered to this script.

hxxp://202.181.105.217/~info/AccountVerification/cf.php

Which displays this output.

Image

So in conclusion, if you ever are worried your PayPal account has been accessed by a third party and needs reactivating, phone them.

Random Posts

Previous Posts