Cybersecurity experts discovered a sophisticated phishing campaign that used Google Ads and PayPal’s infrastructure to defraud users and obtain sensitive personal information.
The attackers abused vulnerabilities in Google’s ad standards and PayPal’s “no-code checkout” feature to create fake payment links that appeared authentic, duping victims into communicating with fake customer care agents.
Malicious actors created fraudulent adverts imitating PayPal. These adverts shown in the top search results on Google, displaying the official PayPal domain to boost user trust. A flaw in Google’s landing page regulations allowed these advertisements to send consumers to fraudulent sites hosted on PayPal’s legitimate domain.
The URLs used the format paypal.com/ncp/payment/[unique ID], which was designed to allow merchants to securely accept payments without requiring technical knowledge.
Scammers took advantage of this f
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: