PayPal is the world’s most popular payment system – for threat actors trying to trick people into giving away their login credentials, new research has claimed.
Analyzing phishing campaigns taking place throughout 2021, Atlas VPN researchers found that almost two in five (37.8%) of all financial phishing attacks impersonated PayPal.
The premise is simple – the threat actors will set up a landing page that looks almost identical to the PayPal login page, and will create an email that mimics the looks and the feels of a newsletter, notification email, or warning from the company.
Amazon and Apple in the crosshairs
That email will always hold a link, inviting the victim to log in with their endpoints and sort out whatever troubles await. That link, however, instead of driving the victim towards the actual PayPal login page, will lead them into the fake landing page where, if they’re gullible, they’ll give away their passwords to the attackers.
Besides PayPal, cybercriminals also love impersonating Mastercard. As the second most-abused financial payment brand, Mastercard was impersonated in 12.2% of phishing instances. The goal, in these attacks, is to obtain credit card information.
With a 10% market share, American Express took the third spot.
“To avoid getting tricked by a phishing attack targeting payment systems, users should keep in mind several things,” says Atlas VPN cybersecurity writer Vilius Kardelis.
“Websites impersonating popular brands will always have suspicious domain links, which can help to recognize whether the page is legit easily. Also, emails from scammers might contain grammatical errors, so keep an eye out for that.”
Payment services aside, threat actors also love to impersonate ecommerce brands, with Apple and Amazon being the most abused brands. Almost half of all phishing attacks that used an ecommerce brand (48.78%) chose Apple, while Amazon was used in 21.48% of cases.
With 5.32% of the market share, eBay takes the third spot, followed by Alibaba with 4.14%.