"PayPal-Themed Phishing Kit Allows Complete Identity Theft"

Akamai researchers analyzed a phishing kit that misuses the PayPal logo and general design to lead users through a series of pages and forms intended to gather information that can later be used to steal the victims' identities, commit money laundering, open cryptocurrency accounts, make false tax return claims, and more. Attackers using the kit are going after reliable WordPress sites. To upload the phishing kit, they guess or brute-force the WP admin account's login credentials and install a file management plugin. Researchers Larry Cashdollar and Aline Eliovich said that one of the distinctive features of this phishing kit is its attempt to directly evade security companies by running multiple different checks on the connecting IP address to ensure that it does not match specific domains or originate from security organizations. To keep the phishing pages from ending in an obvious .php, the kit's author used .htaccess to rewrite the URLs. To boost the legitimacy of the phishing pages, the kit maker takes advantage of the fact that brands and businesses now routinely implement various security measures. This article continues to discuss what the PayPal-themed phishing kit looks like from the victim's perspective and the techniques used by the kit's authors to evade detection.

Help Net Security reports "PayPal-Themed Phishing Kit Allows Complete Identity Theft"

Submitted by Anonymous on