Protect yourself from PayPal phishing attacks: Learn to spot the signs of a spoofed email and avoid falling for scams that use legitimate PayPal accounts to deceive unsuspecting victims.
PayPal has been one of the most lucrative targets for hackers and spammers which is why customers often complain about phishing scams. Now, the cybersecurity researchers at Avanan have discovered that cybercriminals are once again exploiting PayPal’s online payment system to send malicious invoices directly to users.
In the ongoing campaign, attackers are reportedly abusing PayPal by creating accounts and generating invoices for sending phishing emails. This should not come as a surprise, as just last month, PayPal notified over 35,000 customers about a security breach, which goes to show the popularity of PayPal among cyber criminals.
Email Content Analysis
The email informs the recipient about fraudulent activity on their account, and if they do not call the listed number, they will be charged a hefty amount, such as $699.99 or more.
It is worth noting that the emails sent in this campaign are not malicious; they are sent directly via PayPal and can pass several checks, such as DMARC, DKIM, and SPF. The problem is that these emails are sent from email@example.com, so they appear legitimate, and users fail to identify the trap.
Additionally, in a blog post, Jeremy Fuchs of Avanan stated that the scam works because of static email Allow Lists, which allow content to go directly into the inbox if it arrives from a reputable service like PayPal.
Why is PayPal being Targeted?
The reason PayPal is so easily targeted in this campaign is that the platform allows users to create accounts easily. Therefore, anyone can exploit the free service. Furthermore, threat actors can use PayPal’s tools to create professional-looking malicious invoices. This way, attackers can easily disguise themselves as employers or family members.
How Can You Detect Malicious Invoices?
This campaign is different from other attacks leveraging PayPal, as detecting or preventing it proved to be very difficult for email security services and users alike. That is because each malicious invoice “comes directly from PayPal.”
However, according to Jeremy Fuchs, marketing content manager at Avanan, the email’s content itself can still raise suspicion. For instance, the text contains many grammar and spelling errors.
Moreover, the phone number listed in the email does not belong to PayPal. Fuchs suggests that users should call the phone numbers to find out whether the invoice is legitimate or not.
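The two points above (an invoice that legitimately passes SPF, DKIM and DMARC because PayPal itself sent it, and a body whose phone number, urgency and threatened charge still give it away) can be turned into a layered mail check. The following is an added example written for this page, not code from the article, Avanan or PayPal: the sender domain, the two sample messages and their Authentication-Results headers are constructed placeholders, and the heuristics (phone number, "call", urgency or fraud wording, a dollar amount) are the ones described in the text.

```python
"""Layered check for invoice phishing that rides a trusted payment provider.

Added example: shows why a pass on SPF/DKIM/DMARC (the check a static allow
list relies on) cannot catch invoices sent through the provider's own
service, and how content heuristics supply the signal the authentication
layer cannot.  All messages, addresses and the provider domain below are
constructed placeholders.
"""
import re
from email import message_from_string
from email.message import Message

# Constructed samples: both really came through the provider, so both pass
# authentication; only the seller-written note differs.  The spelling
# mistakes in the second one are deliberate, mirroring the campaign.
LEGIT_INVOICE = """\
From: Payment Service <service@payments.example>
To: victim@example.net
Subject: Invoice from Acme Design (0123)
Authentication-Results: mx.example.net; spf=pass; dkim=pass header.d=payments.example; dmarc=pass
Content-Type: text/plain

Acme Design sent you an invoice for $120.00 for logo design work.
View and pay your invoice online.
"""

PHISHING_INVOICE = """\
From: Payment Service <service@payments.example>
To: victim@example.net
Subject: Invoice from Billing Department (0456)
Authentication-Results: mx.example.net; spf=pass; dkim=pass header.d=payments.example; dmarc=pass
Content-Type: text/plain

We have detected fraudelent activity on you're account. If you do not
call us immediatly at +1 (800) 555-0199 you will be charge $699.99.
"""

TRUSTED_SENDER_DOMAIN = "payments.example"  # placeholder for the allow-listed provider

URGENCY_TERMS = ("immediately", "immediatly", "urgent", "fraudulent", "fraudelent",
                 "suspended", "within 24 hours")
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
AMOUNT_RE = re.compile(r"\$\s?\d{2,}(?:[.,]\d{2})?")
CALL_RE = re.compile(r"\bcall\b", re.IGNORECASE)


def authentication_passes(msg: Message) -> bool:
    """True when SPF, DKIM and DMARC all report pass in Authentication-Results.

    This is exactly the condition the invoice-abuse campaign satisfies, so a
    pass here must never be treated as a verdict on its own.
    """
    results = msg.get("Authentication-Results", "").lower()
    return all(f"{m}=pass" in results for m in ("spf", "dkim", "dmarc"))


def sender_domain(msg: Message) -> str:
    match = re.search(r"@([\w.-]+)", msg.get("From", ""))
    return match.group(1).lower() if match else ""


def body_text(msg: Message) -> str:
    payload = msg.get_payload(decode=True)
    return payload.decode("utf-8", "replace") if payload else ""


def invoice_risk_flags(msg: Message) -> list[str]:
    """Content heuristics for the seller-written note of an invoice.

    A genuine invoice points the recipient at the provider's own site; it does
    not ask them to phone a number embedded in free text under threat of a charge.
    """
    text = body_text(msg)
    lower = text.lower()
    flags = []
    if PHONE_RE.search(text):
        flags.append("phone_number_in_note")
    if CALL_RE.search(text):
        flags.append("asks_recipient_to_call")
    if any(term in lower for term in URGENCY_TERMS):
        flags.append("urgency_or_fraud_language")
    if AMOUNT_RE.search(text) and "phone_number_in_note" in flags:
        flags.append("charge_threat_with_phone")
    return flags


def classify(raw: str) -> dict:
    """Combine both layers; authentication alone never clears an invoice."""
    msg = message_from_string(raw)
    authenticated = (authentication_passes(msg)
                     and sender_domain(msg) == TRUSTED_SENDER_DOMAIN)
    flags = invoice_risk_flags(msg)
    # Two or more content flags is suspicious even with a clean auth chain.
    if len(flags) >= 2:
        verdict = "suspicious"
    else:
        verdict = "trusted" if authenticated else "unauthenticated"
    return {"authenticated": authenticated, "flags": flags, "verdict": verdict}


if __name__ == "__main__":
    for label, raw in (("legit", LEGIT_INVOICE), ("phish", PHISHING_INVOICE)):
        print(label, classify(raw))
```

Running it shows both messages as authenticated, yet only the second is marked suspicious: the design choice is that a content verdict is allowed to override an allow-list hit, which is the gap the static Allow Lists described above leave open.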
Here are some additional steps you can take to detect and protect yourself from PayPal phishing emails:
Google the content of the email before responding: It is always a good idea to Google the content and email address of the email that you suspect is a phishing one; it is quite possible that someone has already addressed the issue on discussion forums.
Look for spelling and grammar mistakes: Phishing emails often contain spelling and grammar mistakes. Be especially wary of emails that contain urgent requests or threats, as scammers often use these tactics to create a sense of urgency and panic.
Don’t click on any links: If an email asks you to click on a link to verify your account or update your information, don’t click on it. Instead, go directly to the PayPal website and log in to your account to see if there are any alerts or messages.
Never enter personal information: Never enter your personal or financial information in response to an email. PayPal will never ask you to provide sensitive information such as your password, Social Security number, or credit card details via email.
Use two-factor authentication: Enable two-factor authentication on your PayPal account to add an extra layer of security. This will require you to enter a code sent to your phone or another device in addition to your password when logging in to your account.
Report suspicious emails: If you receive a suspicious email, report it to PayPal immediately. Forward the email to firstname.lastname@example.org and then delete it from your inbox.