The phishing is still a very profitable technique for crooks, phishers try to improve old tactic in a new fashion in order to steal victims’ information.
One of the most common suggestions to mitigate phishing attacks is to inspect the links in a mail to see if they reference to the website where you would expect them to point. Although good advice, this is NOT a guarantee that you are going to be safe.
Unfortunately, this is not enough to protect users, It is important never follow the URLs included in the emails or attachments.
The phishing page used in the attack spotted by the researchers is hosted on www[dot]egypt-trips[dot]co which seems to be an unused website running a WordPress CMS.
This technique could be very insidious if the attackers also hosted the phishing page on a website that appears as legitimate, for example http://paypalnew.com.
“Now if the phishers were intelligent enough to put this on a website with a half believable URL, something like http://paypalnew.com which was used in a series of Phishing attacks yesterday, we would be in trouble, because users wouldn’t realise that they were giving their details to a phisher.
Luckily enough, there are enough warning bells with this particular one to prevent most people falling for it, but some always do.” closes the post.
In this specific case, the site owner was already contacted by the expert.
(Security Affairs – Phishing, PayPal)