New PayPal Phishing Site Demands Users Submit a Selfie While Holding an ID Card

Over the past few months, we have seen a major increase in the number of PayPal phishing websites. Most of these platforms have also obtained the official PayPal SSL certificate, which is making matters even more complicated. It now appears some of these phishing sites ask visitors to submit a selfie where they hold their ID card. This is a so-called “identity verification procedure,” yet it exposes victims to potential identity fraud.

PayPal Phishing Sites Take Things to the Next Level

It is not entirely surprising to see criminals still deploy PayPal phishing websites. Now that it has become a lot easier to obtain SSL certificates for these sites, criminals are having a lot of success when it comes to defrauding users. In the most recent iterations of these phishing sites, criminals ask victims to confirm their identity by holding their ID card and taking a selfie. A very troublesome development, which could lead to all kinds of nasty consequences.

Phishing sites primarily exist to trick PayPal users into giving up their account login credentials. Additionally, some sites ask for additional personal information to confirm one’s identity. Requesting a selfie in which the user is holding their ID card makes a lot of sense in this regard. However, it is also a problematic development. For now, it is unclear what the criminals aim to achieve by collecting these selfies, yet they can do a lot of damage with it.

These new phishing sites work in the same manner as all similar sites did before them. Users are asked to enter their login credentials, after which they are greeted by a new page asking them to confirm the identity of the user. In one case, the assailant built a platform where users need to complete a four-step verification process. Users were asked to submit their personal address, payment card data, and the aforementioned selfie while holding one’s ID card.

It is certainly possible this ID information will be used for nefarious purposes. While the exact objective remains shrouded in mystery, some experts believe this selfie will be used to create accounts on cryptocurrency exchange platforms. Once such an account is established, criminals will be able to launder money through them while using someone else’s credentials. Thinking along these lines is a bit of a stretch, although one cannot dismiss the possibility either. Most exchanges ask users to verify their identity through a selfie while holding an ID card.

It is not the first time we see phishing site owners ask for a selfie depicting the user holding their ID card. The Acecard Android banking Trojan, which ran rampant in 2016 used a similar tactic. At that time this was considered to be a novel approach, although it has become a lot more common these days. In the case of these PayPal phishing sites, users are asked to upload the photo from their computer, rather than allowing them to access the webcam directly.

Further analysis of these PayPal phishing sites reveals none of the information – including the photo – is stored on this server. Instead, the email form is submitted to a Russian email account belonging to the Yandex service. Rest assured law enforcement agencies all over the world will try to find out who is behind this upgraded PayPal phishing scam, though. Actions like these will not go unpunished all that long.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.