Latest Hack Steals Both Your Data And Your PayPal Account

January 15, 2019

MalwareHunterTeam announced yesterday that a new ransomware hack is circulating that not only encrypts your files, but also tries to steal your PayPal credentials with an included phishing page. Once the victim’s data is locked, the victim is provided the option to pay the ransom with Bitcoin or PayPal. Because a far larger number of potential victims have active PayPal accounts than Bitcoin trading platforms, the intended target here is the person using PayPal.

If the victim chooses to pay using PayPal, the victim is led to a clever phishing site designed to steal the victim’s PayPal credentials. The logic here is simple: if the victim was gullible enough to fall into a ransomware trap in the first place, the victim will be at least as gullible (if not desperate) when it comes to paying the ransom. Here is a screenshot of the email:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

If the victim opts for the PayPal Buy Now option, the victim will be brought to a phishing site that appears to be an authentic PayPal page:

 

 

 

 

 

 

 

When the victim submits his or her PayPal information on the phishing site, the victim is then redirected to a page requesting the victim’s address and other personal information.

After completing all the forms, the victim is told that his or her has been unlocked and redirects the victim to the normal PayPal login page, where the victim is prompted to login.

I’m Shocked: Gambling at Rick’s…

The upshot: Ransomware criminals are utilizing shrewder methods to steal money from their victims. This highlights the importance of analyzing any webpage that you visit before you enter login credentials. If the address looks strange or does not match its content, do not enter your credentials and leave the page immediately.

 

Recent Posts

Kennedy Law Wins Final Judgment for $6.5 Million

DALLAS--(BUSINESS WIRE)--Dallas-based law firm Kennedy Law, P.C. announced that it won a final judgment for $6.5 million for Commerce Street Capital against First United Bank & Trust Company and Durant Bank Corp. for breaching an investment banking agreement. The...

Hate Speech, The Sequel

On July 20, 2017, I posted a blog entitled Hate Speech Online. That blog recounted the disastrous consequences that one potential client endured after posting a hateful statement on Twitter. A third party that the potential client did not know re-posted the tweet for...

Should I Sign an NDA with My Employees?

There are a number of different situations in which you, the employer, may find it necessary to sign a non-disclosure agreement (NDA) with your employees. You want to develop trust with your employees, but you also want to be sure your business information is...