New PayPal Phishing Kit Allows Identity Theft

ATTACK Simulator
4 min readAug 17, 2022
New PayPal Phishing Kit Allows Identity Theft

Akamai researchers recently discovered a new PayPal phishing kit that is capable of stealing your identity and allows its operators to perform any fraudulent action they desire in your name.

A Very Dangerous And Capable PayPal Phishing Kit

By slightly altering the PayPal logo and general appearance, but in a measure that maintains the illusion of the real deal, the new phishing kit leads users through a series of pages and forms designed to collect information that can later be used to steal the victims’ identity and perform illicit actions such as money laundering, opening cryptocurrency accounts, making fraudulent tax return claims, and the list can go on.

The Phish From The Victim’s POV

To create the illusion of legitimacy and security, the scheme initially asks you to pass a security CAPTCHA test that actually works.

Source: Akamai

Once you pass the challenge, you are asked to fill in your PayPal account credentials. Then, a bogus warning saying that PayPal has noticed some unusual activity on your account is displayed, and that you need to secure it. For that, the page claims you’ll need to share the following sensitive information:

- Your credit card information (including CCV number), your name, date of birth, real-world address, and phone number
- Your ATM PIN, Social Security number, your mother’s maiden name
- Your email login credentials
- A photo of a document issued by the government and a selfie “to confirm your identity”

Finally, to make the deception come full circle and to give you a false sense of security, the phishing kit shows one last image:

Source: Akamai

A Closer Look At The PayPal Phishing Kit

The threat actors using the new phishing kit are targeting genuine WordPress sites. They crack the credentials for the WP admin account by guessing or by brute-force attacks and install a file management plugin that allows them to upload the phishing kit.

“One of the unique aspects of this phishing kit is its attempts to directly evade security companies by providing multiple different checks on the connecting IP address to ensure that it doesn’t match specific domains or originate from security organizations,” researchers Larry Cashdollar and Aline Eliovich shared.

The developer of the phishing kit has also used htaccess to rewrite the URLs, so that the phishing webpages don’t have the .PHP dead giveaway at the end.

To add to the credibility of the malicious pages, the author takes advantage of the fact that it has become the norm for brands and companies nowadays to enforce different security measures.

“Looking at this kit from an outsider’s perspective, it may seem obvious that it isn’t legitimate. If you have been on PayPal’s site any time recently, you would know this isn’t a real page: PayPal links to both credit cards and banking information directly, allows a one-time password for login, and would never ask for your ATM PIN. However, the social engineering element here is what makes this kit successful,” the researchers concluded.

Keep Phishers At Bay With ATTACK Simulator

Phishing lurks in every digital corner of our lives. Researching the latest phishing trends and strategies and adequately training your employees can be a hassle, so leave it to professionals.

Your safest bet is to provide your employees with a solid and comprehensive Security Awareness Training program, such as ours.

Here are a few perks of choosing ATTACK Simulator:

- Automated attack simulation — we simulate all kinds of cyberattacks.
- Real-life scenarios — we evaluate users’ vulnerability to give company-related or personal data away using realistic web pages.
- User behavior analysis — we gather user data and compile it into extensive reports to give you a detailed picture of your employees’ security awareness level.

- Malicious file replicas — our emails contain malware file replicas, to make the simulation as realistic as possible.
- Interactive lessons — if employees fail to recognize our traps and fall into one, they will discover lessons on the best security practices.
- Brand impersonation — we impersonate popular brands to make the phishing simulations all the more realistic.

ATTACK Simulator’s Security Awareness Training program will help you equip your employees with the necessary security knowledge and up-to-date security practices to keep your company safe from scammers and avoid potentially irreparable damage.


Akamai The Kit That Wants It All: Scam Mimics PayPal’s Known Security Measures

Bleeping Computer PayPal phishing kit added to hacked WordPress sites for full ID theft

HelpNetSecurity PayPal-themed phishing kit allows complete identity theft


Feature Image: Photo by Marques Thomas on Unsplash



ATTACK Simulator

We’re a fresh startup that aims at creating a culture of security in every company by teaching security awareness through automated phishing simulations.