Hackers have launched a major attack against PayPal users that’s meant to trick the company’s customers into providing information that could end up costing them money and their identity.

The Internet security company ESET says that hackers have designed fairly slick malicious email that ask PayPal users to provide their credentials to continue getting access to their accounts.

Customers who do so are diverted to a different website that tries to coerce consumers into giving up more private information, including their Social Security number.

Hackers used a similar email “phishing” campaign to steal information from people with Gmail and Yahoo accounts.


“We’ve seen these for years but this one is particularly well done, it’s quite convincing in the way it uses the language and the imagery of PayPal”, said Stephen Cobb, a senior research at ESET’s San Diego office.

“There’s an urgency and fear factor to try to get you to go to a website — which is a fake website — and provide your personal information, not just your PayPay credentials (username and password) — things like your Social Security number.

“Clearly it shows that there is a strong market out there for stolen information about people — whether its their account information, their credentials, or their Social Security number. You have a group of criminals stealing this stuff, putting it on the black market to sell to others, who will then use it.”

ESET said in an advisory: “If you’re concerned about PayPal security, you should log directly into PayPal.com itself and update your security settings, and if you know someone who has fallen victim, the first step should be to change their PayPal password before more damage occurs.”


Related cyber news

Tens of thousands of computers in San Diego infected with malware



Cybersecurity Playlist × On Now Senator Elizabeth Warren (D-Mass.) slams Equifax On Now LA 90: Yahoo data breach worse than originally reported On Now Lifelock offers to protect you from the Equifax breach — by selling you services provided by Equifax 1:02 On Now California beer maker thrives in Germany On Now Cyberattacks on Hollywood On Now Hackers gain access to OneLogin On Now What is WannaCry? On Now Senate overturns privacy rules for Internet providers On Now Online pirates claim to hold Disney's latest 'Pirates of the Caribbean' movie hostage, demand ransom On Now Yahoo warns users of malicious activity

Twitter: @grobbins


gary.robbins@sduniontribune.com