Skip to Content
© Kamachi209 | Dreamstime.com
Security & privacy

Watch out for this fake PayPal form that tries to steal your credit card info

Magecart attacks are some of the most destructive kinds of cyberattacks you can encounter online. The sneaky tactic involves hijacking an online store and recording a victim’s payment information. Once they fill out a form, the data is sent to a server owned and controlled by hackers. It’s like phishing you can’t see.

These attacks have cost victims millions of dollars collectively, and some online shopping platforms have been hit especially hard. Tap or click here to see how 2,000 online stores were hit by one Magecart campaign.

As tricky as Magecart attacks are, hackers are still refining their tactics to make them even more effective. And now, a new campaign is using fake PayPal forms to trick customers. We’ll show you how to spot it.

Watch out for your money! This isn’t a real PayPal page

A new Magecart tactic found by security researcher Affable Kraut may be one of the most convincing ever. It uses an unusual technique to inject fake PayPal forms into online stores, and any information entered into these forms gets stolen by the hackers behind the scheme.

This pattern goes a bit further than traditional Magecart attacks and their fake landing pages. To make itself as authentic-looking as possible, the Magecart system scans the victim’s shopping cart and checkout page and partially fills its fake PayPal forms with them.

If you’ve ever used PayPal, you might know that you can save your information to autofill once your password is typed in. If you check out with PayPal and see your information already filled out, you’d have no reason to assume something was wrong.

According to Kraut, it even passes along taxes and shipping information for extra details. These hackers are many things, but lazy isn’t one of them!

How can I spot the scam? What can I do to protect myself?

Even though this Magecart attack spoofs a PayPal form, you should still rely on secure payment methods like PayPal for online transactions. This is because PayPal encrypts your data and can offer some recourse in the event you get scammed.

If you have two-factor authentication activated for PayPal, you’ll be asked to enter your code before you can check out. Fake PayPal forms from the Magecart attack will not prompt a 2FA login, so we’d advise setting this up on your PayPal account for extra security. Tap or click here to see how to set up 2FA for some of the most popular platforms on the web.

In addition to 2FA, here are even more ways you can protect yourself from this kind of attack in the future.

  • Shop big vs small: Smaller, independent stores are at higher risk for these kinds of attacks. Sites like Amazon, Walmart and Target dedicate a portion of their budgets to cybersecurity and are much less vulnerable.
  • Secure payment services: When you check-out with a real PayPal window or the Shop app, you’re actually redirected to pay through PayPal’s website. This means any malicious code hanging out from a Magecart attack can’t scan your information. 
  • Don’t save credit card details in your browser: If your system ever gets hacked or someone snoops on your computer, having credit or debit card numbers saved in your browser can turn into a nightmare. Tap or click here to find out how to remove saved payment card details from your browser.

Want to make your online shopping experience even safer? Tap or click here for 5 safer ways to pay and shop online.

Komando.com App background

Check out the free Komando.com App!

Get the latest tech updates and breaking news on the go, straight to your phone, with the Komando.com App, available in the Apple Store and Google Play Store.

Download Now