PayPal phishing scam posted as a promoted tweet on Twitter

• Twitter allowed a scammer to post a PayPal phishing scam as a promoted tweet on its social networking site.
• The phishing page asked visitors to login to their accounts and verify their details to win new year gifts.

On 1, January 2018, a PayPal phishing scam was posted in Twitter as a promoted tweet targeting users’ financial data through a lucky draw scam. The scam said, to be in with a chance of winning, you must log in to your accounts and verify your details.

The phishing scam from @PayPalChristm promoted a new year sweepstake event. While it didn’t explicitly say what the prizes were, the poster holds images of a new car and an iPhone.

Clues hinting a scam

The phishing scam left behind few minor clues that confirmed it to be a fake scam.

• The URL misspelled ‘PayPal’ as ‘PayPall’
• The Twitter account that posted the phishing scam had less than 100 followers.
• The image on the promoted tweet wasn’t coinciding and consistent with PayPal’s distinctive branding.
• Upon clicking the phishing link, users will be redirected to a page which did not have HTTPS and URL. However, the page appeared to look like a legitimate PayPal site.

Mathew Hughes, a journalist from Liverpool, England logged in with fake login credentials. Upon login, the page redirected to another legitimate looking page which asked to confirm payment card details such as debit/credit card holder name, card number, card expiry date, CSC number, and billing address.

This confirms that the PayPal phishing scam is not just keen on accessing PayPal accounts but also aims in targeting victims’ financial details and sensitive information. This kind of scams are becoming popular and are using promoted tweets as a part of their campaigns.