Twitter Let Someone Promote an Obvious PayPal Phishing Scam
(Jan 2, 2019)
A Twitter post by the unverified account, "@PaypalChristm," was publicly promoted by Twitter despite being a phishing scheme. The fake PayPal post was promoting an "end of the year sweepstakes" that provided a link "paypall-christmasgifts[.]com" to verify a person's PayPal details to be entered to win unnamed prizes. Clicking the link takes the user to a fake, unsecured PayPal login page. If the user logs in, they are directed to a form to verify their card credentials by entering in their name, card number, expiry date, CSC, and billing address.
Recommendation: Users should be cautious when clicking on advertisements because as this story portrays, malicious advertisements can sometimes appear on legitimate online locations. However, clicking on such advertisements is not always required. If the advertised product is appealing, it would be safer to search for the product on the authentic websites of the company who is selling the product, or other trusted online shopping locations.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.