PayPal phishing scam promoted on Twitter asked for personal details

The scamming message from alleged PayPal showed up on users' timeline as a promoted tweet

A promoted message on Twitter appeared to be a PayPal scam

While Twitter and PayPal scams during the Christmas period are nothing new, Twitter users were caught off guard when they saw a promotion on their timelines. As reported,^[1] the elaborate tweet came from an account named @PaypalChristm which pretended to be an official PayPal account. While it was not clear what the prizes were, the picture in the scam message showed a few iPhones and a brand new Maserati car. Of course, who would not want these gifts?

Bad actors usually aim for users credentials or seek to convince them to subscribe for some bogus services. This time, the former is the case, as users are asked to enter their details into what seems to be a PayPal login and then disclose their banking details.

Currently, the scam has been busted and the account shut down, but it does not mean that new similar type of scams will not show up in the future. Also, it is interesting how the fake message managed to slip through the implemented Twitter defenses and show up on users' timeline as a promoted tweet.

The structure of Christmas-themed PayPal scam

Since crooks managed to surpass Twitters' anti-scam protection, the tweet appeared on thousands, if not millions of users' accounts. The message used PayPal logo with the tag “Papal Christmas Gifts,” which might seem legit from the first sight. The tweet states the following:

paypall-christmasgifts.com

log onto your account. verify your details.
for your chance to be in Paypal's new year draw.

Looking at the text alone can bring many doubts to regular PayPal and Twitter users, as it simply feels and looks amateur. The name of the company in the address is misspelled, no capital letters are used when starting a new sentence, and a sentence is abrupted in the middle of it. Also, the image promoted does not look professional at all. Finally, the account that posted the tweet, @PaypalChristm, is not verified and has less than 100 followers.

Once phishing link is clicked, users are redirected to a spoofed PayPal login page. While visually it looks identical to the original, the lack of HTTPS and the URL give the scam away immediately. Those who fall for the trick, are then asked to enter their payment details, which confirms that bad actors were not after PayPal credentials, but for the banking details instead.

Twitter and PayPal have been abused by malicious actors for years

PayPal is a multi-billion company with the assets worth more than $40 billion and 244 million users. As evident, it is a huge company that is used worldwide, and PayPal phishing emails have been floating around the internet for almost two decades now. Also, malicious actors used the industry giant's name to infect computers with malware^[2] that is hidden inside the phishing email attachments.

Currently, Twitter is one of the most popular social networks with 335 million users worldwide.^[3] The platform was often used by phishing message authors, usually tricking users into disclosing their credentials or, as in this case, banking information. Twitter is a notorious place for fake accounts that promote phishing tweets, as proved the recent spam of tweets that seemingly came from the favorite entrepreneur and Tesla's CEO Elon Musk.^[4]

The threats were tackled, but who knows how many users fell into the trap and disclose their valuable information for criminals to harvest? The data can be sold in the Dark Web for as little as $1 per username and password.

Therefore, be wary of scams floating around social networks like Twitter, as malware^[5] infections or stolen personal details is something nobody wants to deal with.