PayPal phishing kit added to hacked WordPress sites for full ID theft
A newly discovered phishing kit targeting PayPal users is trying to steal a large set of personal information from victims that includes government identification documents and photos, Akamai revealed.
The phishing kit is hosted on legitimate WordPress websites that have been hacked, which allows it to evade detection to a certain degree.
To increase the credibility of the phishing pages, the kit maker exploits the fact that it has become normal for brands and companies nowadays to enforce different security measures, for ex. asking for proof of identity via official document upload, credit card verification, etc.
Read more on Help Net Security