Catches of the Month: Phishing Scams (January 2020)
Want to stay up to date with the latest phishing scams? Our ‘catches of the month’ feature reviews the most prominent attacks across the web, explaining how they occurred and the steps you should take to stay safe.
In our first review of 2020, we look at a new twist on a PayPal scam, and discuss data breaches at an IVF treatment facility and in the Singapore government.
1. Latest PayPal phishing scam goes for more than just your login details
Security researchers at ESET are warning people about a new scam targeting PayPal users. It begins with a standard phishing email, but victims end up handing over financial and personal details in addition to their login credentials.
The scammers’ bait is an email supposedly from PayPal informing recipients that someone has attempted to log in to their account from an unknown device. You may well have seen legitimate emails like this before; organizations often keep track of the IP address you use when logging in to protect you from fraud.
However, a closer look at the way the email is written reveals that it’s a scam. There aren’t any obvious grammatical errors that you might expect from a phishing email, but other clues are there. For example, the browser that the login apparently came from is “chrome” with a lowercase C. “Chrome” should be capitalized as it’s a proper name – and would in fact probably be listed as “Google Chrome”.
Other clues that point towards this being a scam are the clumsily repeated “your account, your account” in the third paragraph and the misuse of the word “login”. The last one is an especially useful clue, because it’s a tricky grammatical concept to grasp and phishing scams often use the phrase incorrectly.
Login vs log in
If you’re unsure of the scammers’ mistake, be aware that 'login' and 'log in' have different meanings. 'Login' is a noun that refers to the username and password you use to access your account – i.e. your login details. It can also be used as a noun to refer to the act of logging in, as in “we’ve suspected unusual login activity”.
'Log in', by contrast, is a phrasal verb that refers to the processes you go through to access your account – e.g. “please log in to your account”. The scammers do a decent job in this email but still make mistakes, using the noun form 'login' to refer to the process by which you log in.
If you ever see an email that uses these words incorrectly, alarm bells should ring. It’s not guaranteed that you’ve received a phishing email – but we wouldn’t expect this error in a template email.
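The three wording clues discussed above (lowercase "chrome", an immediately repeated phrase, and "login" used as a verb) can be expressed as simple heuristics for triaging reported emails. This is an added example, not code from ESET or PayPal; the regular expressions, the brand list and both sample messages are assumptions constructed for illustration.

```python
import re

# Heuristic: "login" sitting where a verb belongs ("to login", "please login"),
# unless a noun follows ("due to login activity" is correct usage).
LOGIN_AS_VERB = re.compile(
    r"\b(?:to|please|must|should|can|cannot|will)\s+login\b"
    r"(?!\s+(?:details|activity|attempts?|credentials|page|screen|information))",
    re.IGNORECASE,
)
# A two- or three-word phrase immediately repeated ("your account, your account").
REPEATED_PHRASE = re.compile(r"\b(\w+\s+\w+(?:\s+\w+)?),?\s+\1\b", re.IGNORECASE)
# Product names a vendor template would capitalise (assumed list). Case-sensitive,
# and skipped inside hostnames or addresses such as "paypal.com".
LOWERCASE_BRAND = re.compile(r"(?<![\w./@-])(?:chrome|paypal)(?![\w-]|\.\w)")

RULES = (
    ("login_as_verb", LOGIN_AS_VERB),
    ("lowercase_brand", LOWERCASE_BRAND),
    ("repeated_phrase", REPEATED_PHRASE),
)

def phishing_language_clues(text):
    """Return (rule, matched_text) pairs for each wording clue found in text."""
    clues = []
    for rule, pattern in RULES:
        clues.extend((rule, m.group(0)) for m in pattern.finditer(text))
    return clues

# Constructed samples, not the text of the real email.
SUSPICIOUS = (
    "Someone tried to login to your account from a new device.\n"
    "Browser: chrome\n"
    "We have limited your account, your account will stay limited "
    "until you confirm your details."
)
CLEAN = (
    "We noticed a new login to your PayPal account from Google Chrome. "
    "If this was not you, log in at paypal.com and change your password."
)

if __name__ == "__main__":
    for name, body in (("suspicious", SUSPICIOUS), ("clean", CLEAN)):
        print(name, phishing_language_clues(body))
```

A hit is a reason to look more closely, not proof of phishing, and a message with no hits can still be malicious.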
The next level of the scam
Those who fall for the scam and click the attached link are redirected to a bogus website that imitates PayPal. At this point, the scammers add an interesting element: they ask the user to enter a captcha code. This gives the illusion that the page the victim is about to enter is secure.
Likewise, the web address has a green padlock next to it, which many people take as an assurance that they’re on a legitimate site. Wrong. The symbol simply signifies that the site has an SSL/TLS certificate, which means the information shared between your computer and the website is encrypted in transit. It says nothing about who runs the site, so it means nothing if the website itself is fraudulent.
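The padlock point can be made concrete by checking encryption and site identity as two separate questions. This is an added example, not code from the original article; the function names, the expected domain `paypal.com` and the sample URLs (which use reserved `.example` names) are assumptions for illustration.

```python
from urllib.parse import urlsplit

def host_belongs_to(url, expected_domain):
    """True only if the URL's host is expected_domain or one of its subdomains."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    expected = expected_domain.rstrip(".").lower()
    return host == expected or host.endswith("." + expected)

def assess_link(url, expected_domain):
    """Classify a link: encryption (the padlock) and identity are checked separately."""
    encrypted = urlsplit(url).scheme.lower() == "https"
    right_site = host_belongs_to(url, expected_domain)
    if not right_site:
        # A padlock here only means the traffic to the wrong site is encrypted.
        return "wrong-site-with-padlock" if encrypted else "wrong-site"
    return "expected-site" if encrypted else "expected-site-unencrypted"

# Constructed sample links.
SAMPLES = [
    "https://www.paypal.com/signin",
    "https://paypal.com.signin.example/verify",   # brand name used as a subdomain label
    "https://secure-paypal.example/login",        # brand name inside another domain
    "http://www.paypal.com/signin",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{assess_link(link, 'paypal.com'):28} {link}")
```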
The final trick
Once on the site, users are asked to log back in to their account. This is where most phishing scams end. However, the scammers behind this attack have taken their con to the next level. Victims are presented with a series of screens asking them to confirm their personal details, including their billing address, payment card details and email address.
Anyone who complies with these requests will have handed the scammers a bounty of personal information that can be used for payment card fraud or sold on the dark web.
2. One of Australia’s largest IVF providers hit by phishing scam
Patients at Monash IVF started receiving strange emails towards the end of last year, seemingly related to recent medical appointments. The emails asked recipients to open an attachment, which infected their device with malware. The Monash IVF Group confirmed the attack began with a breach of its staff email system, possibly exposing patient data.
On top of this, the source of the breach – an IVF facility – creates a serious privacy issue, as many people are uncomfortable sharing the fact that they are undergoing assisted fertility treatment.
3. Personal data of staff at Singapore’s Ministry of Defence leaked after email attack
The Singapore Armed Forces and Ministry of Defence have been hit by malware that infected their systems following a phishing attack. The breach began at ST Logistics, a third-party vendor that both government departments use. Employees received bogus emails that contained a malicious attachment.
About 2,400 employees’ full names, NRIC (National Registration Identity Card) numbers, contact details and addresses were exposed. This incident is a timely reminder to ensure that you’re confident in the security practices of third parties.


