  • Dan Weis

New Paypal Phish - very well crafted

Hi Guys, I received this PayPal phishing email yesterday, which is probably one of the cleanest-looking templates of late. It really forces you to look closely at it.


There are a few indicators in this one. Firstly, it's not addressed to an individual, just "hello". Also, it is coming from a different domain:




What makes this really hard to spot for the victim is that it's using a display name as an email address, which causes it to be almost invisible on a mobile device. For example, on my Android Outlook client when it arrived, it looked like this:



To the untrained eye it looks very much legit, not to mention this email successfully bypassed Microsoft's live email filtering, which, to a victim, makes it look even more legit.


The attackers were also smart enough to tag me with a claimed Australian purchase to make it seem more legit. Hovering over the dispute link, or any of the others, takes you to this address:


This is the first time I have seen a .agency domain; I think it might be the same for Microsoft potentially, which is why it got through all the filters. You can see at the end of the web address it tags my email address so they can tie it back in their system to the creds recovered.

Detonating the link on app.any.run didn't give me anything via IE, but with Chrome it stated the page couldn't be found.



It might have been shut down after a bunch of phishes that obtained creds (which is common in campaigns, basically a quick hit and run), or, because I made up a different email address for the end of the link, it didn't match their access link, thereby not giving me access to the site. But there is a very high probability it was a phishing website with the goal of obtaining credentials.

App.any.run identified 3 connections, one of which is based in China.

Please stay vigilant for these types of emails. As you have seen, they are very well crafted, and seeing one on a mobile device after it has bypassed Outlook's filtering makes it almost undetectable without investigation.


Remember the golden rule: if you haven't made a purchase, or you are not expecting an email from PayPal, it's most likely a phish.


Until next time stay #Hackproof.


#hackproofyourself

#hackproof

#Phish

#Paypal

© 2020 HackProofYouself.com
