Police in Merseyside, UK, arrested and then released a 15-year-old boy who allegedly hacked multiple PayPal accounts belonging to British citizens under investigation. Local authorities also inspected the child’s home, finding multiple high-cost devices such as an iPhone 11, an iPhone 8, an Apple Watch, multiple Android operating system mobile phones and even a mini bike, as mentioned in a report published by Teiss.
The young man was accused of violating multiple provisions of the Computer Misuse Act, in force since 1990. For affected users, PayPal recommended enabling additional security control, such as multi-factor authentication, to prevent similar attacks in the future.
One of the main operators of phishing attacks is the group known as 16Shop, which has multiple toolkits for the deployment of these fraudulent campaigns, which are constantly updated. Using this phishing kit the hackers have been able to extract login credentials, credit card numbers, phone numbers and location data from millions of users.
Specialists consider it highly likely that the arrested teen has found the phishing tools created by 16Shop in some public repository, although other methods, such as using a legitimate account to deceive other users, should not be ruled out. “A phishing kit allows hackers to send malicious emails in bulk and in multiple languages, so phishing campaigns can be launched with minimal resources,” says Javvad Malik of the KnowBe4 organization.
A cybersecurity firm reported that, since the beginning of 2020, an unusual increase in the misuse of known brands in phishing attacks has been detected, attracting users to unsafe sites where their login credentials and financial data are extracted by threat actors.
According to the report, the most commonly used corporate image in the most recent phishing attacks is that of PayPal, with approximately 16 thousand fake URLs used to steal the data of unsuspecting users. Other popular names used in these campaigns are those of Microsoft, Netflix, Apple, among other technology companies.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.