Many PayPal users looking for customer assistance are instead having to deal with cybercriminals.
According to International Business Times, cybercriminals are using Twitter as a platform to perpetrate phishing attacks against unsuspecting PayPal users by posting from fake accounts.
Scammers have been able to trick users into divulging their bank account details by posing as customer support staff from PayPal and sending them malicious links via interactions on Twitter.
The rise in social media fraud was noted in new research from cybersecurity firm Proofpoint.
The report discusses a new form of social media-based phishing attack, referred to as “angler phishing,” and shows recent examples of attempts from two fraudulent PayPal Twitter accounts.
“The attack technique takes its name from the anglerfish, which uses a glowing lure to entice and attack smaller prey. In an angler phishing attack, a fake customer support account promises to help customers but instead attempts to steal credentials,” Proofpoint staff explained in a blog post.
“Social media angler phishers create fake customer support accounts that target customers of a wide variety of industries, but we have seen a majority of angler phish attacks focus on customer support accounts for financial services brands,” the post continued.
In both of the fraud attempts, the fraudulent PayPal Twitter accounts monitored the Twitter feed of the legitimate PayPal handle in order to quickly respond to tweets from customers seeking assistance.
These fake accounts tend to imitate the legitimate PayPal Twitter page as closely as they can, for example by copying the official PayPal logo and branding onto their fraudulent pages in order to fool customers.
“We can also see that each of these fraudulent accounts have already performed attacks to other customers,” Proofpoint noted.
“If we visit the links in each of the angler phishing attacks, we are presented with a highly credible login screen.”