Scam of the Week – Hackers Combine Ransomware and PayPal Phishing in New Double-Edged Scam

January 24, 2019 2:32 pm Geraldine Strawbridge Ransomware and phishing scam

Hackers have taken their phishing scams to a whole new level by combining encrypting ransomware with a PayPal phishing page designed to steal credit card information.

The scam was uncovered by researchers at MalwareHunterTeam and marks a deviation from traditional phishing attacks by trying to snare the victim in a two-pronged approach.

The ransomware itself is not overly sophisticated but the related ransom note has been cleverly designed to provide a further opportunity to scam the victim.

As soon as the victim’s files have been encrypted, they are given the option of recovering their files by making a Bitcoin payment or using their PayPal account.

ransomware and PAYPAL PHISHING
Image: Ransom note (Source: HackRead.com)

If the user chooses to pay using PayPal, they will be redirected through to a phishing site that has been specifically set up to steal credit card information and personal details.

The page appears entirely legitimate, however as soon as the user submits their information, they are directed through to http://ppyc-ve0rf.890m.com/s2[.]php rather than the official paypal.com web address.

After the victim enters all their personal details, they are told their account has been unlocked and are directed through to the official PayPal page and prompted to login.

paypal phishing
Image: Fake PayPal Phishing page (Source: Bleeping Computer)

PayPal scams are nothing new, but this particular scam highlights the evolving sophistication that is being used to trick victims into disclosing sensitive information. Users must be extremely vigilant and question the validity of all emails, especially those from unknown sources.

To protect yourself from falling victim to a phishing scam, you should follow the below guidelines.

  • Never click on links or download attachments from unknown sources.
  • Always verify the security of a website – Legitimate sites will always be secured using a ‘HTTPS’ certification.
  • Pay close attention to the spelling of an email or web address, if there are any inconsistencies, delete immediately.
  • Ignore and delete emails with poor grammar and formatting.
  • Remember – Reputable companies will never ask you to supply personal information in an email.
  • Back up data on a regular basis.
  • Never pay a ransom payment – There is no guarantee you will ever get your files back.
  • Ensure that all applications and operating systems are up to date.
  • Install the latest anti-virus software solutions on your devices.
  • Use strong passwords to reduce the chance of devices being hacked.

Despite the increasing sophistication of phishing attacks there are a number of ways you can protect yourself online. MetaPhish has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combatting cyber-crime. Get in touch or further information on how we can help your business.