A new phishing campaign is using the website creation service Wix.com to create websites that imitate the design of the PayPal website. Links to the fake websites are sent out through email, and the sites are professionally designed to look like the real PayPal site and trick victims into giving away personal information.

Multiple domain names including redirectly-paypal.com and security-paypal-center.com were registered through Wix.com in an attempt to appear as much like an authentic PayPal site as possible. Without careful attention, these deceptive domain names could go unnoticed.
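As an added illustration (not part of the original advisory), the check below flags links whose hostname contains the brand name but whose registrable domain is not the real one, which is the pattern both domains above follow. The allow-list, the sample email text and the simple last-two-labels domain rule are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only registrable domain the brand really uses.
LEGITIMATE = {"paypal.com"}
BRAND = "paypal"

def registrable_domain(host):
    """Naive last-two-labels rule: fine for .com, wrong for suffixes like .co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def classify_link(url, brand=BRAND, legitimate=LEGITIMATE):
    """Return 'legitimate', 'lookalike' or 'unrelated' for a single URL."""
    host = (urlsplit(url).hostname or "").lower()
    if registrable_domain(host) in legitimate:
        return "legitimate"          # paypal.com or one of its subdomains
    if brand in host:
        return "lookalike"           # brand name used inside someone else's domain
    return "unrelated"

def lookalike_links(text):
    """Extract http(s) URLs from message text and keep only the look-alikes."""
    urls = re.findall(r"https?://[^\s\"'<>]+", text)
    return [u for u in urls if classify_link(u) == "lookalike"]

# Constructed sample message using the two domains named in the advisory.
SAMPLE_EMAIL = (
    "Your account is limited. Verify here: http://redirectly-paypal.com/ \n"
    "Or visit http://security-paypal-center.com/ \n"
    "Official site: https://www.paypal.com/ \n"
)

if __name__ == "__main__":
    for link in lookalike_links(SAMPLE_EMAIL):
        print("suspicious:", link)
```

A production filter would use the Public Suffix List to find the registrable domain instead of the last-two-labels rule.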

The best defense against a phishing scam at your company is to train employees to question all requests for sensitive information before providing it. Phishing campaigns rely on the fact that people are generally trusting and tend not to question something if it looks legitimate. Additionally, you and your employees should be aware of some of the different forms that phishing scams can take:

  • Email messages that seem to be from a legitimate source, but ask you to enter, verify, or change your password.
  • Email messages that ask you to click a link that directs you to provide sensitive information.
  • Mobile or text messages with an “urgent” request for information or verification of sensitive business data.

Although this particular campaign used Wix.com to create phony websites, be aware that there are many other website creation services available, including WordPress, Weebly, and Squarespace, that cyber criminals could be using to lure in victims. For additional information on how to detect a phishing scam, visit the Knowledge Center of your portal, or contact your Client Services representative.

