SECURITY ALERT: Phishing scam targets PayPal accounts

Published

CSIT has discovered and received confirming reports from numerous faculty, staff and students of a phishing scam which targets PayPal accounts holders.  The message appears to originate from either of two compromised NWU accounts.

The phishing scam arrives with the subject “Paypal update” and although the sender email address is undisguised and clearly an NWU account.  The message body claims that the PayPal has updated their servers’ to improve security of accounts and demands that the recipient follow an embedded link labeled “Verify Now” in order to “verify” their logon information.  The message goes on to claim that their account will be closed is not verifies within 48 hours.  It is signed “Information Technology, Paypal Services, Information Security, Policy & Compliance.”

THIS IS A SCAM.  The embedded URL in the message leads to a faked logon page.  This particular scam is being perpetrated by the same scammers responsible for the phishing scam detailed in today’s previous security alert.  The fake logon pages for both are hosted on the same server.

CSIT has taken steps to re-secure the compromised accounts used to send these phishing messages, blocked the target site and will do what we can to remove the messages from NWU Inboxes.  Should you find one of more instances of this message in your NWU Inbox, please DO NOT follow the embedded link and delete the message immediately.  If you have already followed the link in the message AND entered your credentials, then recommend immediately changing your PayPal account password.