A fake one by clicking here of paypal which was essentially fishing for victims (phishing), asking users to confirm their account by sending a selfie photo of themselves in which they would keep their identity.
Her fake website PayPal deceived its victims by presenting a copy of the Paypal login page urging users to login by giving their password, and in addition their credit card details, and self a selfie of the user in which he would explicitly keep his identity.
The issue was brought to the fore by researchers PhishMe security, and according to their report, the scammer was trying through messages with emails directing users to a phishing PayPal website, written in Wordpress, located in New Zealand.
At this time, this phishing website has been removed. Its URL did not resemble that of Paypal, so users who had some phishing experience would have to immediately notice that they were on a page with the wrong address.
In the first user identity documentation, the website asked users to write their name and password. But the crook was not satisfied. Once someone gave their code to this page, then the scammer was sure he was dealing with a careless or untrained user, so he was asking for more information. During a four-step process, the website requested the user's address, credit card details, and a selfie photo that would hold his / her identity.
It is not clear why the scammer wanted this information. Her expert PhishMe Mr Chris Sims believes he wanted them to "create cryptocurrency accounts, to launder money stolen from other victims."
Φυσικά αυτή η τεχνική με την selfie, όπου το θύμα κρατά την ταυτότητά του στο χέρι, δεν γίνεται για πρώτη φορά. Τον Οκτώβριο του 2016, η McAfee είχε ανακαλύψει μια παραλλαγή του τραπεζικού trojan Acecard Android, που επίσης ζητούσε από τους χρήστες κατά τη σύνδεση του mobile them to their bank account, take a selfie holding their ID.
The tactics were quite innovative at the time, and several articles were written about it. So he probably gave the idea to the current scammer and decided to adapt it to his phishing.
The process of “selfie Missions" on the current website is strange. Instead of relying on WebRTC or Flash to access the user's camera for the user to take a photo and save it automatically, the scammer asked users to upload a photo from their computer. This means more hassle, as the user has to take a selfie, transfer it to the computer, and then upload it to the scammer's page. Extending the attack in this way gives the user more time to notice something wrong with the fake Paypal website and stop the process.
In addition, there is a second issue. Phishing websites usually do not have rules in the form of the validation format, and they take whatever users upload. This phisher had special rules for the format of the photos and requested only JPEG, JPG or PNG format.
The scammer also did and Mistakes. The user's photo was not stored on a server under the control of the scammer, but he sent the data to an e-mail address at "oxigene[.]007 @ Yandex[.]com."
Sims says he looked for that address in the Skype user directory and found a person named "Najat Zou," from "Mansac, Frances." Of course this information is not reliable to determine the nationality or location of the user, it simply provides a first step from which the police can start their investigation if they decide to investigate the case further.