Explanation
In this phishing attempt, the threat actor uses a fake email with a security notification about an unauthorised Paypal account access.
When clicking on the link ‘update your account’ (hxxps://www.sunrisetrailerparts[.]com[.]au/wp-content/ussu/), a fake Paypal login page is shown. After that, the phishing continues in three different stages.
- 1st stage: There is a form that asks personal identifiable information, the birthday date, email address and phone number.
- 2nd stage: Another form to input credit card credentials.
- 3th stage: The final form where the social security number and a 3D secure code (Luxtrust for most users) are asked.
This phishing attempt is a lot more than a simple Paypal credentials phishing.
Example
 
 


