New Phishing Kit Hijacks WordPress Sites for PayPal ScamNew Phishing Kit Hijacks WordPress Sites for PayPal Scam
Attackers use scam security checks to steal victims' government documents, photos, banking information, and email passwords, researchers warn.

Researchers have discovered a new phishing kit that injects malware into legitimate WordPress sites and uses a fake PayPal-branded social engineering scam to trick targets into handing over their most sensitive data, including government documents, photos, and even banking information — under the guise of security controls.
Akamai researchers said the attackers use a file management WordPress plug-in to deploy the phishing kit, which includes several checks on the connected IP addresses to evade detection of their known malicious domains. It also allows the threat actors to rewrite URLs without the .php at the end, making them look more like genuine addresses.
Once up and running, the scam PayPal site asks victims to jump through a series of apparent security measures — even a CAPTCHA challenge — when the threat actors are simply grabbing the information for data and identity theft.
"By using captcha immediately, telling the victim that there has been unusual account activity, and reinforcing 'trust' by utilizing 'new security measures' like proof of government identification, they are making the victim feel as if they are in a legitimate scenario," the Akamai team explains in their new report on the PayPal phishing kit. "The same methods that can ensure an identity is secure can ultimately lead to total identity theft — not just credit card numbers, but cryptocurrency accounts and anything else the threat actor wants to obtain."
About the Author
You May Also Like
Securing the Remote Workforce
Feb 20, 2025Emerging Technologies and Their Impact on CISO Strategies
Feb 25, 2025How CISOs Navigate the Regulatory and Compliance Maze
Feb 26, 2025Where Does Outsourcing Make Sense for Your Organization?
Feb 27, 2025Shift Left: Integrating Security into the Software Development Lifecycle
Mar 5, 2025