Internet users in Australia, particularly PayPal customers, should be wary if they come across an email that informs them of a payment in Australian dollars (AUD) to an online company.
The emails spotted by Hoax Slayer read something like this: “You sent a payment of $56.00 AUD to Big W Photos Online. It may take a few moments for this transaction to appear in the Recent Activity list in your Account Overview.”
After providing a brief description of the alleged payment, the emails read: “If you belive this is an error please follow the link below to login to your paypal account. On the next page, please complete the required details, then press the ‘Cancel Payment’ button to confirm. Your payment will be cancelled and the funds returned to your PayPal account.”
Of course, many users will believe that it’s an error and they will want to press the “Cancel Payment” button. However, when they click the link, users are not taken to the PayPal website, but to a phishing page where they’re asked to enter their information.
The cybercriminals are after names, addresses, credit card details, and driver’s license information.
While the sample analyzed by Hoax Slayer appears to target Australian users, it’s possible that there are other variations of this attack designed for users in other countries as well.
If you’re a victim of this scam, contact your bank to ensure that your payment card will not be abused by the fraudsters. Also, if you’ve handed over driver’s license information, the crooks might use it for identity theft, so you might want to extend fraud alerts and put a credit freeze on your file.