"PayPal Users Targeted in New SMS Phishing Campaign"
A new SMS-based phishing campaign is going around that attempts to steal PayPal user's account credentials and other sensitive information, according to researchers BleepingComputer. The SMS text message impersonates the popular payment processor and informs potential victims that their accounts have been "permanently limited" and that they need to click on the link to verify their identity. At first glance, the message may not seem very suspicious because PayPal does impose limits if it suspects that a third party without authorization has accessed an account, when it has detected high-risk activities on an account, or when a user has violated its Acceptable Use Policy. If a victim clicks on the link, they are redirected to a login phishing page to request their access credentials. Should the victim proceed to "log in," then their credentials will be sent to the scammers behind the ruse, and the fraudulent webpage will attempt to gather further information, including the victim's full name, date of birth, address, and bank details. PayPal is one of the most-spoofed brands in phishing scams.
WeLiveSecurity: "PayPal Users Targeted in New SMS Phishing Campaign"