contadores de paginas web Saltar al contenido

Typical PayPal phishing to steal credentials and cards


The following is a typical PayPal phishing, i.e. a fake site posing as the service to steal user information:

Fake PayPal site

The attacker clones the PayPal homepage and uploads it to a server under their control, if the victim falls for the trap their username and password will be stolen. In the next step you are asked for personal information as if it were an update of the profile and of course, the details of your credit or debit card:

Fake PayPal site

Once the information is completed, a automatic redirection to the actual site PayPal that, as you can see in the following screenshot, starts with a striking HTTPS:

Real PayPal site with SSL certificate

Many people believe that any site with https is reliable, however this is not the case, Fake sites can also have https… you have to be careful with that, to avoid being deceived, the ideal is take a good look at the addresses of the pages and verify that your certificates are validThis is easily verified with a click on the padlock.

These certificates are like fingerprints, they are issued uniquely for each domain or address. In this case, we can see in the screenshot that the certificate actually belongs to, that is, to the site where we are.

If you are a Chrome user, you can find more information about the meaning of the padlocks and icons here; in case of using Internet Explorer here and Firefox here. Finally, I also recommend you read If you have a lock is it safe?

See also: A real PayPal email that looks like phishing # fail.Paypal Limitation Remover? you better not try strange things.