
Fake PayPal site could lead to identity theft

A realistic-looking site purporting to be from PayPal billing is asking users for information, including password and PIN details, that could enable identity theft
Written by Andy McCue, Contributor

Russian hackers are suspected of being behind a professional-looking but fake PayPal email scam designed to steal a person's financial and personal details for identity theft.

The email, which has been doing the rounds this week, is a much more detailed and convincing version of the long-running email that asks users to confirm their PayPal account details.

One reader of ZDNet UK's sister site silicon.com, Sarah Waller, who received the email, was concerned enough to try and contact PayPal directly.

She said: "If this is not genuine then how have this company established that I have a PayPal account? Personally, I find it peculiar that PayPal are asking for such highly sensitive information to be sent without requesting that customers log into a secure server, particularly that they are asking for ATM Pin number along with credit card number, password and email address."

The fake message appears to come from the billing department at PayPal.com and asks people to click on a link taking them to a genuine-looking PayPal page and re-enter their account details.

Once there, the victim is presented with a convincing version of the PayPal site with a list of fields including name, address and date of birth, social security number, driving licence number, mother's maiden name, credit card and bank account details and PIN numbers, email address and password.

In short, that's just about all the information anyone would need to commit complete identity theft and use the details to apply for credit cards and loans.

The fake site, www.paypal-billingnetwork.net, also has links to a genuine PayPal 'help' section and corporate information and press releases from the real site.

Security experts believe PayPal will be able to shut the site down almost immediately for breaching its trademark but said the perpetrators will simply find another hosting company and start again.

Chris McNab, technical director of security consultancy Matta, told silicon.com: "This comes down to the hosting companies being lax when setting up the account. They have to tackle this problem when setting up sites."

Although the account with the Web hosting company will probably have been set up using stolen credit cards and proxy addresses, McNab said the most likely culprits are Russian hackers who could be tracked down.

"Law enforcement need to monitor traffic to and from the server. If the FBI or local law enforcement could put logging and auditing on the systems and gather IP addresses of the Russian hackers when they come in to download the details they could track them."

PayPal was contacted but no-one was available for comment.
