New Phishing Scam Targets Digital Payment and Online Banking Users

Cyber criminals are sending HTML attachments embedded with data URLs leading users to fake login pages.

The cyber criminal community widely depends on phishing scams to target unsuspected users, that’s why these attacks are not only increasing but also adding sophisticated means to trick users into giving away their personal and financial details.

Recently, security researchers at Cyren discovered a phishing scam targeting banking and digital payment customers worldwide. The targeted platforms according to researchers include online banking customers of Capital One, Chase, Fargo, Wells and online money transfer giant PayPal and Venmo.

Screenshot of the phishing email sent to Venmo customers.
Note the Data:text file embedded with HTML file

Screenshot of the phishing email sent to Chase Online customers.

The new phishing campaign carries the same old method of tricking users into clicking on a phony attachment file, but this time the attached HTML file is embedded with data URLs. It must be noted that last month, Gmail users were targeted with a similar phishing scam in which attackers embedded data URLs in PDF files which took users to a fake Gmail sign in page.

However, since the Gmail scam has been busted the attackers are heavily relying on HTML files to phish users. The latest scam according to Cyren is already reaching new heights with 50% increase only in the month of February. 

“These attacks are proving effective at evading detection by many email security systems, which typically allow HTML attachments, or are not capable of scanning their content, and therefore do not detect the telltale “data:text” URI header — as opposed to .exe attachments, which are commonly blocked,” notes Cyren.

This is not the first time when Cyren has discovered such scams. In the last couple of months, the firm has identified sophisticated phishing and malware scams including malware stealing data from cryptocurrency wallets and malware-infected PDF files targeting Facebook users in the name of celebrity nudes.

As far as their latest discovery, remember, this phishing scam only targets users with HTML attachment files, there are no links in the email body and neither does it ask users to click on any link. In case you have received such email avoid clicking and downloading the attachment file.

Related  PayPal will Pay $7.7 Million to U.S. Government For Breaching Sanctions Law

Also, PayPal phishing scams are at large where scammers are using highly sophisticated tricks to steal login credentials from unsuspected users.If you have an account on PayPal, it is advisable to log in to your PayPal account by entering the web address into your browser’s address bar or via an official PayPal app. The PayPal website has a verified green signature as shown in the screenshot below:


DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

Written by Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.