What’s worse than getting phished? Getting phished and sending a selfie of your Photo ID and credit card – Graham Cluley Security News

Posted on June 17, 2017 by Dook Domini

Just the latest in a long line of scams

Phishers are targeting PayPal users not only for their login credentials but also for selfies of them holding their ID cards.

This scam campaign starts off like so many others. A user gets an attack email falsely warning them that PayPal has suspended their account "for security precaution."

"Hi there,

"Our technical support and customer department has recently suspected activities in your account.

"Therefore we have decided to temporarly suspend your account until investigating your recent activiies. Such things can happen if you clicked a suspecious link on social media or gave your password to someone else

"We're always concerned about our customers security so please help us recover your account by following the link below.

The phishing email gives itself away by its spelling errors and strange grammatical usage. But it does get some things right.

For instance, the scam does incorporate PayPal's logo and list a valid (and publicly available, mind you) address for PayPal at 353 Sacramento Street in San Francisco, California.

Researchers at PhishMe report that the attack campaign is currently hosted on a website hellopc[dot]co[dot]nz, which an individual calling themselves "Mr.Dr3awe" claims to have been hacked. The phishing kit used in the campaign is buried in a subdirectory on the site. No doubt Mr.Dr3awe hid the kit in this fashion in an attempt to evade detection by anti-phishing vendors.

Clicking on the phishing email's "Let's Get Going" link sends the recipient to another website hosting a fake PayPal login page. If they sign in, a subsequent page asks them for their name, address, and credit card number.

For the purposes of gaining more control over the victim's identity, the fraudsters then ask for something more. PhishMe's Chase Sims explains:

"If the victim is willing to hand over their phone and credit card numbers, could they possibly be willing to provide even more personal information? How about a selfie? The next page seeks to verify the identity with a photo of the victim holding up a form of ID and credit card next to their face."

Uploading a valid image and hitting the "Agree & Continue" button redirects the user to an official PayPal website. Meanwhile, someone named "najat zou" in "mansac, France" exfiltrates the data, at which point they can do whatever they want with it.

This isn't the first PayPal phishing campaign, and it certainly won't be the last.

With that said, users should avoid clicking on links in suspicious emails, and they should never hand over their credit card information to someone they don't know. They should also protect their PayPal accounts with two-step verification (2SV).

Tags: data loss, phishing, Privacy, selfie, Spam

Smashing Security audio podcast

Follow @DMBisson

What's worse than getting phished? Getting phished *and* sending a selfie of your Photo ID and credit card - Graham Cluley Security News

Make Money from Images, Documents and Photos Uploading - December 18th, 2016 [December 18th, 2016]
Immortal but Damned to Hell on Earth - The Atlantic - January 29th, 2017 [January 29th, 2017]
Hands on review: Zencastr podcast maker - The Sydney Morning Herald - February 7th, 2017 [February 7th, 2017]
How to keep your children safe online as it's revealed half of six-year-olds use the internet - Mirror.co.uk - February 7th, 2017 [February 7th, 2017]
Yetunde Olasiyan: Between Having a Voice & the Need to Show Off on Social Media - Bella Naija - February 7th, 2017 [February 7th, 2017]
How a WiFi Pilot Program Is Helping Students in the Rio Grande Valley - KUT - February 7th, 2017 [February 7th, 2017]
These Shows Understand Why TV Cannot Survive Without The Internet And They're Doing Something About It - Decider - February 8th, 2017 [February 8th, 2017]
10 reasons to not miss John Bender at El Club this weekend - Detroit Metro Times - February 8th, 2017 [February 8th, 2017]
Ideal Flatmate promises to stamp out all roommate worries - The Tech Portal - February 8th, 2017 [February 8th, 2017]
Five ways to ensure your kids are safe as they go 'online' - The Standard (press release) - February 8th, 2017 [February 8th, 2017]
How to improve your LinkedIn profile - ArabianBusiness.com - February 9th, 2017 [February 9th, 2017]
Deal: New customers can get Google Play Music and YouTube Red free for 4 months - Android Authority (blog) - February 10th, 2017 [February 10th, 2017]
Breaking Down Global Silos (Part 2): Lessons Learned from Conflict - Spend Matters - February 14th, 2017 [February 14th, 2017]
Issa Rae New Series Giants Is A Must Watch - CampusLATELY (blog) - February 15th, 2017 [February 15th, 2017]
Fake news, who benefits? - Shelbyville Times-Gazette (blog) - February 16th, 2017 [February 16th, 2017]
GST beneficial for traders, says official - The Hindu - February 16th, 2017 [February 16th, 2017]
It's time to get tech-savvy with The Mind Lab by Unitec! - Scoop.co.nz - February 16th, 2017 [February 16th, 2017]
'Being an Irish author is more of a Grimm fairytale than a Cinderella story' - Irish Times - February 17th, 2017 [February 17th, 2017]
Barbie becomes a hologram version of herself - TechCrunch - February 18th, 2017 [February 18th, 2017]
PLYMOUTH BUSINESS EXPANSION: MycomPETibility.com goes nationwide - Wicked Local Kingston - February 20th, 2017 [February 20th, 2017]
The three reasons YouTubers keep imploding, from a YouTuber - Polygon - February 22nd, 2017 [February 22nd, 2017]
SnailBlitz 2017: Citizen Scientists Wanted - NBC Southern California - February 22nd, 2017 [February 22nd, 2017]
Nikon D5600 Review: Hoping to Make Photo Transfers a Snap - Huffington Post - February 27th, 2017 [February 27th, 2017]
Appealing Social Security Decisions Online - CBN News - February 28th, 2017 [February 28th, 2017]
How to file your social security appeal online - WZZM13.com - February 28th, 2017 [February 28th, 2017]
Meteor is OpenSignal's own speed test app - SlashGear - March 1st, 2017 [March 1st, 2017]
Data limits are the worsthere's how to stay under yours - Popular Science - March 3rd, 2017 [March 3rd, 2017]
Overcome problems with public cloud storage providers - TechTarget - March 3rd, 2017 [March 3rd, 2017]
When Words Beget Blows - Outlook India - March 4th, 2017 [March 4th, 2017]
A man with vitiligo who was called 'zebra' by bullies has defied their cruel comments by becoming a model - The Sun - March 8th, 2017 [March 8th, 2017]
Shark Tank's Robert Herjavec coaches kids to fuel entrepreneurial spirit - VentureBeat - March 9th, 2017 [March 9th, 2017]
Everything new in Stellaris: Utopia, one of Paradox's biggest game updates ever - PC Gamer - March 10th, 2017 [March 10th, 2017]
IN TRANSIT: The Idol Maker - Mumbai Mirror - March 11th, 2017 [March 11th, 2017]
Paytm to continue free uploading of money - Business Standard - March 11th, 2017 [March 11th, 2017]
The perils and false rewards of parenting in the era of 'digi-discipline' - Minnesota Public Radio News - April 8th, 2017 [April 8th, 2017]
Showtime docu-series sees the 'Dark' side of tech - LA Daily News - April 8th, 2017 [April 8th, 2017]
Elon Musk: Australian man pens desperate letter to download his brain - NEWS.com.au - April 8th, 2017 [April 8th, 2017]
How Vestas Wind Systems used outsourced machine learning to transform contract management - Diginomica - June 7th, 2017 [June 7th, 2017]
Wednesday Web Artist of the Week: Eva Papamargariti - ArtSlant - June 7th, 2017 [June 7th, 2017]
Your Obsolete Brain: Life and Death in the Age of Superintelligent Machines - Digital Journal - June 7th, 2017 [June 7th, 2017]
Under Armour launches its first customisable shoes - just-style.com (subscription) - June 8th, 2017 [June 8th, 2017]
I Don't Care What You Think, I Love My Facial Birthmark - SELF - June 9th, 2017 [June 9th, 2017]
Cable: Where Are We Headed After This Political Meltdown? - Seeking Alpha - June 9th, 2017 [June 9th, 2017]
Best Screen Recorders Top 10 Screen Capture Software - Gazette Review - June 10th, 2017 [June 10th, 2017]
Nigeria just got a verified Twitter handle - TechCabal - June 12th, 2017 [June 12th, 2017]
Just keep pinning: why your business should be on Pinterest - Cambridge Network - June 12th, 2017 [June 12th, 2017]
Track-by-Track of Paramore's 'Riot!' Read Through Emo Teen Memories - Noisey - June 13th, 2017 [June 13th, 2017]
Decision day for Go Forward Pine Bluff - Pine Bluff Commercial - June 13th, 2017 [June 13th, 2017]
Addressing rape culture - News24 - June 14th, 2017 [June 14th, 2017]
Italy's Samantha Cristoforetti Says Being a Good Astronaut is All About Teamwork - Fortune - June 16th, 2017 [June 16th, 2017]
Google Drive will soon make it easy to Backup and Sync PCs, Macs - SlashGear - June 16th, 2017 [June 16th, 2017]
Track Of The Day 16/6 - Maximillian - Clash Magazine - June 17th, 2017 [June 17th, 2017]
AROUND TOWN: GOP chairman questions Ossoff's London office - MDJOnline.com - June 20th, 2017 [June 20th, 2017]
RESEARCH & TECHNOLOGY/INNOVATION: ITS Fiber brings fast connections, data center services to local business - TCPalm - June 20th, 2017 [June 20th, 2017]
Fiberlink Internet Packages & Prices 2017 - TechJuice (press release) (blog) - June 20th, 2017 [June 20th, 2017]
CS Editors: Creating Content - Security Sales & Integration - June 20th, 2017 [June 20th, 2017]
How to post a GIF to Facebook - Tech Advisor (registration) - June 21st, 2017 [June 21st, 2017]
The Living Vampire / Real Vampire FAQ (Frequently Asked Questions) - HuffPost - June 21st, 2017 [June 21st, 2017]
Facebook Is Introducing New Tools to Protect Women in India - Fortune - June 21st, 2017 [June 21st, 2017]
Mum drops off daughter at college then sends her hilarious texts with football team - NEWS.com.au - June 22nd, 2017 [June 22nd, 2017]
Is Chrome OS right for you? A 3-question quiz to find out - Computerworld - June 22nd, 2017 [June 22nd, 2017]
Facebook wants to stop creeps from downloading your profile picture - TNW - June 23rd, 2017 [June 23rd, 2017]
Action and Emotion - lareviewofbooks - June 26th, 2017 [June 26th, 2017]
6 ways to be more hirable and 1 that could land a job today - Deseret News - June 27th, 2017 [June 27th, 2017]
Searching for a Career? Set up a Free Profile at AutoCareCareers.org - PR Newswire (press release) - June 27th, 2017 [June 27th, 2017]
Industry Job Seekers Can Set Up A Free Profile At AutoCareCareers.Org - AftermarketNews.com (AMN) - June 29th, 2017 [June 29th, 2017]
Steve Mitchell The Mind of Watercolor Blog - June 29th, 2017 [June 29th, 2017]
How to Upload to Google Drive - Cloudwards - July 1st, 2017 [July 1st, 2017]
Stevie Ryan, YouTube personality, found dead at home - Blasting News - July 4th, 2017 [July 4th, 2017]
5 tips to a delicious food photo - Orlando Sentinel - July 5th, 2017 [July 5th, 2017]
Gordon Hayward the best Jazz wing player of all time? Not what the numbers say. - SLC Dunk - July 5th, 2017 [July 5th, 2017]
36 Years of Loretta's - Racer X Online - July 6th, 2017 [July 6th, 2017]
How to Work on Your Laptop at a Coffee Shop Without Being a Jerk - Lifehacker - July 8th, 2017 [July 8th, 2017]
There's a new most-viewed Youtube video, pushing Gangnam Style off the top spot - Buzz.ie - July 12th, 2017 [July 12th, 2017]
How to prevent bandwidth throttling with a VPN - T3 - July 14th, 2017 [July 14th, 2017]
Google will now let you back up your entire computer for FREE on its servers - Mirror.co.uk - July 15th, 2017 [July 15th, 2017]
Google Drive Backup and Sync lets you backup your entire computer: Here's how it works - BGR India - July 17th, 2017 [July 17th, 2017]
Why Mythology Still Matters: Wisdom from Game of Thrones' 'Dragonstone' - Big Think - July 17th, 2017 [July 17th, 2017]
Mum somehow manages to convince her daughter her nipple's fallen off in hilarious text exchange - Metro - July 18th, 2017 [July 18th, 2017]
Surrey police post selfie of a 'hot cop' posing by her car on Facebook to lure in new recruits and is inundated ... - The Sun - July 20th, 2017 [July 20th, 2017]