PayPal, one of the world's largest Internet payment platforms, is facing some new challenges this year. The latest threat takes the form of a phishing scam that uses an authentic-looking email to trick PayPal customers into compromising their personal information.

New PayPal-Targeted Phishing Scam Spotted In The Wild

According to WBALTV, the emails appear to come from a legitimate source but actually trick users and redirect them to legitimate-looking but fake landing pages.

ESET, a Slovakia-based cybersecurity firm, explained how the world's most used payment platform, PayPal, has been used in the latest phishing campaign.

The Slovakia-based cybersecurity firm is well known in IT circles for its field of specialization: online firewall and virus protection. The company has already earned a reputation for tracking some of the tech world's most advanced malware and other forms of malicious online activity.

As explained on the ESET website, the user clicks on a legitimate-looking but actually fake login button and is then redirected to a PayPal page that appears to be legitimate.

On the fake page, users are tricked and then taken down a virtual rabbit hole of deception, with each page visited asking for more sensitive personal information under the guise of identity verification.

For example, a false but legitimate-looking website may ask for the user's social security number, and even ask which country the user currently lives in.

How To Protect PayPal Account And Defeat Phishing

Fortunately, the Slovakia-based cybersecurity firm has explained in some depth how the hackers carried out this latest phishing scam. The company has also come out with more effective ways to prevent and eventually defeat this kind of phishing campaign.

According to ESET's security researcher Cameron Camp, the domains have nothing to do with PayPal sites, but rather are phishing scam URLs.

Camp further explained that other forms of phishing campaigns also use a myriad of dynamically generated domain names, which is another important clue for PayPal users that something isn't right and that they need to take action.

The security researcher also offered some important advice on how to effectively prevent this scam. The first thing to do is to verify the domain name of the sender. ESET said that a random combination of letters and numbers instead of the real domain name "paypal.com" is already a good hint that something is not right about the sender.

But the most important thing to do is to avoid clicking the link in a suspicious email. The security firm strongly recommended that when using PayPal, the user open a new browser window and manually type the URL into the browser's address bar instead of clicking the link in the email.
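The sender-domain and link checks described above can be automated at a mail gateway or in a triage script. The following is an added example, not code from ESET or from this article: it treats only "paypal.com" (the domain the article names) as trusted, requires HTTPS as an extra assumption, and runs on constructed sample values using the reserved `.example` TLD.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = {"paypal.com"}  # the only domain the article names (allowlist is an assumption)

def host_trusted(host: str) -> bool:
    """True only for a trusted domain or a real subdomain of one."""
    host = host.strip().rstrip(".").lower()
    try:
        # Convert Unicode look-alike names to punycode so they cannot
        # compare equal to the ASCII name "paypal.com".
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False
    # Match on a label boundary: "paypal.com.evil.example" and
    # "notpaypal.com" must both fail.
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def sender_ok(from_header: str) -> bool:
    """Check the real address, not the display name shown to the user."""
    _, addr = parseaddr(from_header)
    return "@" in addr and host_trusted(addr.rsplit("@", 1)[1])

def link_ok(url: str) -> bool:
    """Check the host the browser would actually contact."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # drops any "user@" prefix before the host
    except ValueError:
        return False
    return parts.scheme == "https" and bool(host) and host_trusted(host)

def triage(from_header: str, urls: list[str]) -> list[str]:
    """Return human-readable findings; an empty list means nothing flagged."""
    findings = []
    if not sender_ok(from_header):
        findings.append(f"sender domain not trusted: {from_header}")
    findings += [f"link host not trusted: {u}" for u in urls if not link_ok(u)]
    return findings

# Constructed sample message fields (not taken from the real campaign).
SAMPLE_FROM = '"service@paypal.com" <notice@x9f3k2a7.example>'
SAMPLE_URLS = [
    "https://www.paypal.com/signin",
    "https://paypal.com.secure-verify.example/signin",
    "https://paypal.com@login-x7k2q9.example/",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_FROM, SAMPLE_URLS):
        print(finding)
```

A message that passes these checks is not thereby proven genuine; the checks only catch the mismatched-domain clue the researcher describes.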