PayPal phishing campaigns are quite common, where phishing emails state the victim’s account has been permanently ‘limited’ unless they verify their account by clicking on the link, and the link directs the victim to a phishing page that prompts to log in to their account. Sometimes the phishing page will go a step further and try to collect additional relevant details such as the victim’s home address, phone number, bank details and more. The information filled is sent to the threat actors who can use it to conduct identity theft attacks, gain access to the victim’s other accounts, or perform targeted spear-phishing attacks. Another PayPal phishing website with a similar concept was found, the website was active in March 2021. 8 From our observation, it seems that as of now phishing on digital wallets is less common than phishing attacks elsewhere. This could be explained by the amplified security on the different digital wallet apps. The fact that Samsung Pay and Apple pay come preinstalled on new compatible devices and there is no web platform that can be manipulated makes them less susceptible to phishing attacks. Google Pay is used through an app but is also available on a web interface, which makes it more vulnerable to phishing and social engineering attempts. 8 https://twitter.com/phishingalert/status/1370293136086474753