Attention: We have transitioned to a new AAD or Microsoft Entra ID from the week of May 20, 2024. In case your tenant requires admin consent, please refer to this document located at Overview of user and admin consent - Microsoft Entra ID | Microsoft Learn and grant access to App ID: 6ba09155-cb24-475b-b24f-b4e28fc74365 with graph permissions for Directory.Read.All and User.Read for continued access. While the app may appear unverified, you can confirm its legitimacy by verifying the App ID provided.
PWS:HTML/Phish.M is an HTML file that imitates the legitimate Paypal website to steal user information.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:
PWS:HTML/Phish.M is an HTML file that imitates the legitimate Paypal website to steal user information. You may receive an HTML email message containing this file, or it may be hosted on a website that you are led to.
The fake Paypal website may appear similar to the following:
Because the HTML webpage looks similar to the legitimate Paypal site, a user may unsuspectingly fill out all the information in the page. If "Submit Profile" is clicked, all the information is sent to a remote attacker.
The stolen information may include the following:
User's email address
User's Paypal password
Social security number if the user resides in the USA
User's address
User's credit card information
In the wild, the stolen information has been observed sent to the IP address "206.<removed>.208.15".
