PayPal, Wells Fargo Among Most-Spoofed Sites During Holidays


Mobile devices were not immune to the holiday attacks, wrote Paul Pajares, a Trend Micro fraud expert, in a blog post explaining the analysis. Pajares said Trend detected a spoofed PayPal Mobile site, which can be very convincing to the device user. "Because mobile users will typically not see the whole URL, users may readily think that they visited the legitimate website," Pajares wrote.

Attackers used the Zeus Trojan to spoof several top U.S. banks in early December. Researchers at Dell-SecureWorks detected the Zeus gang using the Cutwail Botnet to send out millions of spam messages. The messages attempt to trick the victim by urging them to open an attachment to register to accept secure messages from their bank. The attachment opens up a downloader that downloads the Zeus banking Trojan. Zeus is a malware family that has plagued the financial industry for years.

PUBLISHED JAN. 3, 2013