The phishing website was hosted on Climate-Smart Planning Platform website (climatesmartplanning.org) and seems genuine. Once users were putting their credentials, they were prompted that their user account was unable to load with a button below which asked them to confirm there "informations" in order to access their account.
On the next page, the users were asked to fill a form which included details like, victim's name, date of birth, address and phone number. After submitting, users were prompted to enter their full card number and the CVV number. If the victims selected ‘Verified by Visa or MasterCard SecureCode’ checkbox, they were prompted to enter their 3-D Secure password, allowing the attacker to make online purchase where there are additional security layers.
After submitting all the details, the victim was redirected to the official Paypal website. At the time of publishing, the website was unavailable, with a message “website under maintenance” desiplayed. If you have fallen victim of this phishing attack, we advise you to change your password as soon as possible and to contact your card provider.