Advanced phishing tactics used to steal PayPal credentials

“Your Account PayPal Has Been Limited” Phishing Scam

There’s a “Your account has been limited” email in circulation, targeting users of PayPal. The mail, which (bizarrely) claims to come from servicesATapple.com, claims that the account needs to be unlocked by confirming the potential victim’s identity.

PayPal phish mail

The Email reads as follows:

Your Account PayPal Has Been Limited !

Dear Customer,

To get back into your PayPal account, you'll need to confirm your identity.

It's easy:

Click on the link below or copy and past the link into your browser. Confirm that you're the owner of the account, and then follow the instructions.

The link leads to a .ma URL, which is the country code for Morocco:

confirm-identity(dot)me(dot)ma

The page is currently offline, but there’s a collection of related websites with similar URLs as per this VirusTotal page.

Some of these have been taken down, a few are still live so it’s probable there are multiple email campaigns leading to each of the fake sites:

confirmation-identity(dot)ab(dot)ma/ confirm-identity(dot)about(dot)ma/ verification-identity(dot)me(dot)ma/ resolution-center(dot)me(dot)ma/ confirm-identity(dot)about(dot)ma/ confirm-identity(dot)ab(dot)ma/ verification-identity(dot)mx(dot)ma/

A few examples of what’s on offer: a page asking for card details, a redirected URL asking for PayPal username / password and a site removed message.

Clearly, somebody really wants to get their hands on PayPal logins and payment information. In all cases, delete the mail and don’t click on the URLs which aren’t official PayPal domains or secured with https (occasionally phish pages use https, but they’re pretty rare) . If in doubt, look for the green box on the left hand side of the URL bar. Clicking it will tell you that you are indeed on the right site and can login safely. Here’s a few more PayPal security tips – safe surfing!

Christopher Boyd

ABOUT THE AUTHOR

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.