Digital Degenerate

If you are like me, you want to get your holiday shopping done as early as possible and with as few trips to the stores as humanly possible. I made the mistake of going shopping this weekend and found myself in a never ending procession of cars and people. About two hours into my fruitless (although I bought myself a few things) journey I was overwhelmed and swore to myself to buy as many items online as possible. Many of the websites that I and countless others will be making purchases from in the upcoming months offer PayPal as an acceptable payment method.

Since so many people use PayPal in conjunction with the impending holiday shopping spree, scammers are looking to take full advantage of unwary consumers.  The latest PayPal related scam targets PayPal users via email. Unlike most of the PayPal scams that we have seen in the past that included a link in the body of the message, these have an attached HTML. When the attachment is clicked a Java Script will produce a Phishing page that mimics a legitimate PayPal page. The input information is then sent off to another domain that will make it available for the cybercriminals.

Here is the message:

Here is the Phishing page:

During the next few months you should be aware that you will be a broader target for scammers looking to take advantage of your increased purchasing activity. Since most people will be making a far greater number of purchases on their credit cards around the holidays they would be less likely to notice fraudulent activity on their cards. As usual, all of our Spam Filtering and Hosted Exchange customers are protected from this threat.