PayPal phishers bite via hacked dog training website

If you're not careful, you might be fooled into believing that it's a real email from PayPal.

PayPal phishing

Dear customer,

You sent a mobile payment for £47.00 GBP to JD Sports Ltd. A message has been sent to the recipient asking them to accept or refuse the payment.

Please note that it may take a while for this payment to appear in your Recent Activity list on your Account Overview.

View the details of this transaction online.

But the spammed-out message, which claims you have just made a mobile payment to JD Sports of £47, shouldn't spur you into clicking on the link to refute the claim.

Because if you do see red at the unauthorised payment, and follow the link you will be taken to what appears - at first glance - to be the real PayPal website.

Fake PayPal website

But be sure to check out that URL. It's really a website in Hungary that has been hacked.

URL of fake PayPal website

Entering your details on this bogus PayPal page will hand over your credentials to online criminals.

What's happened here is that a website has been hacked, and criminals have planted a bogus PayPal home page onto the hacked website's servers. The owners of the website probably aren't aware of what is happened, and clearly aren't taking enough care over their website security. Chances are that they have software running on their web server that is vulnerable to exploitation - and allowed the phishers to plant their trap.

I was curious to find out what the Hungarian website was, and wasn't disappointed when I found out.

It's an online store selling dog bite training suits. You know, the kind of thing which makes people look like the Michelin man in order to protect you from being bitten by a dog.

Not the normal kind of thing you would buy, of course, unless you were in the business of training dogs to bite people.

Hungarian woof

Everyone should be on the lookout for PayPal phishing emails, and ensure that their own websites are not vulnerable to hackers who might embed malicious code and webpages.

Tags: , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , ,

One Response

  1. NoelB

    October 1, 2013 at 12:00 am #

    and yet that site does not appear, at present, in three
    largish malware domain lists (2200 UTC 30/9)

Leave a Reply