New research from Akamai has found that a new threat actor is parasitising benign WordPress sites to execute an extensive PayPal phishing scam.
According to the Akamai blog, the scam injects a discreet phishing kit into existing, non-malicious WordPress sites to evade detection. It then gains extensive access to a victim’s identity and information by mimicking new security practices.
Common bogus prompts require users to submit government documents and photographs, in addition to their banking information and email passwords. This can lead to substantial identity theft issues and further extensive loss of financial and data security. The scam also attempts to gain trust by claiming there is unusual activity, tricking users into going through with the security checkpoints.
A unique aspect of the phishing kit is that it attempts to directly evade security companies by running multiple checks on the connecting IP address to ensure that it doesn’t match specific domains or originate from security organisations.
The threat actor behind the site uses a file management plugin to upload the phishing kit, allowing for further exploitation of the WordPress site.
They use .htaccess to rewrite the URLs so that they do not end in .php. This gives the phishing page a more polished and professional look.
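For site owners, the .htaccess rewriting described above leaves a trace that can be checked for. The following is an added example, not code from Akamai or from the kit: it walks a web root and lists, for manual review, the PHP files in any directory whose .htaccess maps extensionless URLs to .php files. The rewrite patterns are common mod_rewrite idioms assumed here (the article does not give the kit's rules), and the sample tree and its paths are constructed.

```python
import os
import re
import tempfile

# Assumption: these are the common mod_rewrite idioms for extensionless PHP
# URLs; the kit's actual rules are not given in the article.
EXTENSIONLESS_PHP = re.compile(
    r"^\s*RewriteRule\s+\S+\s+\S*\$\d\.php\b"
    r"|^\s*RewriteCond\s+%\{REQUEST_FILENAME\}\.php\s+-f",
    re.IGNORECASE | re.MULTILINE,
)

def scan_webroot(root):
    """Return {relative_dir: [php files]} for dirs whose .htaccess hides .php."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" not in files:
            continue
        with open(os.path.join(dirpath, ".htaccess"), encoding="utf-8", errors="replace") as fh:
            if not EXTENSIONLESS_PHP.search(fh.read()):
                continue
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        findings[rel] = sorted(f for f in files if f.lower().endswith(".php"))
    return findings

def build_sample_tree(root):
    """Constructed sample: stock WordPress root rules plus one nested directory."""
    stock = "RewriteEngine On\nRewriteRule ^index\\.php$ - [L]\nRewriteRule . /index.php [L]\n"
    nested = ("RewriteEngine On\n"
              "RewriteCond %{REQUEST_FILENAME}.php -f\n"
              "RewriteRule ^(.*)$ $1.php [L]\n")
    sub = os.path.join(root, "wp-content", "example-dir")  # hypothetical path
    os.makedirs(sub)
    for path, body in [(os.path.join(root, ".htaccess"), stock),
                       (os.path.join(root, "index.php"), "<?php\n"),
                       (os.path.join(sub, ".htaccess"), nested),
                       (os.path.join(sub, "signin.php"), "<?php\n"),
                       (os.path.join(sub, "logo.png"), "")]:
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, php_files in scan_webroot(tmp).items():
            print(f"review {directory}: {php_files}")
```

The stock WordPress rules in the site root are not flagged, because they route to index.php rather than appending .php to the requested path. Legitimate sites also use extensionless rewrites, so a hit is a prompt to inspect the listed files, not a verdict.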
This new scam is only a small part of a significantly wider problem. Identity theft has so far affected 42 million people in 2021, with…
