A PayPal phishing campaign is luring victims to a hacked site where a clone of the PayPal login page is trying to trick users into giving away their PayPal credentials, payment card details, and a selfie of the user holding his ID card. A similar tactic was seen last year when McAfee discovered a variant of the Acecard Android banking trojan asking users to take a selfie holding their ID card when logging into their mobile banking accounts. PhishMe expert Chris Sims believes it is “to create cryptocurrency accounts to launder money stolen from victims”””
Source: https://www.bleepingcomputer.com/news/security/paypal-phishing-site-asks-victims-to-submit-a-selfie-holding-their-id-card/