TOKYO (MacHouse) – An organized cyber criminal group circulated a phishing message more than three hours ago, implicating eBay-owned online payment company once again. The title of the phishing message is Mise à jour. (See Screenshot 01.) And the message is entirely written in French.
 Screenshot 01 – Source: MacHouse |
 Screenshot 02 – Source: klmtrophies.com |
 Screenshot 03 – Source: MacHouse |
The message goes
En raison de préoccupations pour la sécurité et l’intégrité de votre compte PayPal
compte, nous avons publié ce message d’avertissement.
A raw English translation is ‘Because of concerns for the security and the integrity of your account PayPal counts, we published this warning message.’ Clicking on the hyperlink that says Cliquez ici, one will be forwarded to a phishing website hosted at http://klmtrophies.com. (See Screenshot 02.)
This is a potentially dangerous phishing campaign. An organized cyber criminal group has used many genuine e-mail addresses harvested from PayPal checkout websites. Every customized PayPal checkout page like the one shown in Screenshot 03 contains an e-mail address used by the website.
Our preliminary analysis shows that the immediate sender of the phishing message is a mail server used by popular French portal at orange.fr. It appears that the cyber criminal used another French website to pass the phishing message to Portail Orange. We will have a more detailed report hopefully within 24 hours.
Click on the button to watch a short documentation video. 
Click on the button to watch more documentation videos.
