Many PayPal lookalike phishing websites taken offline

Some were nearly identical copies of PayPal's website, OpenDNS said

paypal headquarters
Credit: REUTERS/Beck Diefenbach

PayPal has worked to shut down a handful of phishing websites that sought to steal people's login credentials by appearing to be the company's real website, according to a security company.

Many of the sites, which are offline or have been redirected, were nearly identical copies of PayPal's website, which could have fooled some victims into divulging their details, according to OpenDNS, a security company that in part monitors for suspicious domain name registrations.

PayPal has long been a target for fraudsters who for years have registered domain names that try to mimic legitimate PayPal domains or services in order to compromise accounts.

The more convincing phishing sites in this latest batch may have been created using a custom software kit rather than merely copying and pasting code from PayPal's real site, said Andrew Hay, senior security research lead with OpenDNS.

"We have it on good authority from our contacts at PayPal that the kits being used were quite sophisticated when compared to others that they have seen previously," Hay wrote via email.

In two instances, the fraudsters registered the domain names "redirectly-paypal.com" and "security-paypal-center.com" through Wix.com, a Web-based service for creating websites. Both sites are no longer active.

Other suspicious domain names were bought through Enom, a domain name registrar, OpenDNS said in a blog post.

Whether Enom should be watching for such spoof domain accounts is "not really our place to say but we would, however, love for more registrars and hosting companies to proactively monitor domains of this nature to better protect their customers in addition to their own brand," Hay said.

He said OpenDNS is still investigating and was not ready to attribute the spate of attacks to a specific group. That information may be released later, he said.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Insider: Hacking the elections: myths and realities
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.