According to the news report, the CSPP project, which
focuses on helping developing countries create and implement climate-smart
policies, was ideal for phishing attacks as it used an Extended Validation (EV)
SSL certificate issued by Comodo for the World Bank Group.
Since the website carried an EV SSL certificate issued for
the World Bank Group, the phishing page had enough credibility for
visitors to easily fall for it.
An EV certificate is said to give the “highest available
level of trust” because it is issued only after an extensive verification process,
after which the browser's address bar displays the name of the owner.
The PayPal phishing site tricked the visitor into
logging in with their PayPal credentials. Once the data was submitted and
stolen, the user was told that the site was unable to load their
account and required confirmation of their personal information.
The site then required the user to share their email
address, name, postal address, date of birth, and phone number.
Then, it asked the user to verify their PayPal payment
information, including the credit card number, expiry date, CVV number, and 3D
Secure password if the card required verification. After collecting this
personal and payment information, the phishing site redirected the user to
the legitimate PayPal website.
The phishing page was hosted on climatesmartplanning.org,
and the fact that the green address bar in the browser displayed “World Bank Group”
might have convinced users that the page was legitimate.
According to various news reports, the same CSPP website was
also targeted by a different type of hacker. Although the phishing page was
removed by the CSPP webmasters, the site’s homepage was defaced by an Iraqi
hacker who appears to deface random websites in an effort to boost his
reputation among his peers.
Today, the site’s EV certificate has been revoked.