Attackers are leveraging online payment system PayPal to send malicious invoices directly to users through the platform.
This campaign was recently discovered by Avanan security researchers. Checkpoint It said it was different from previous campaigns the company had seen.
“This is different from many attacks impersonating PayPal. This is a malicious invoice sent directly from PayPal,” he said. Recommendation Published earlier today.
Seen as part of a malicious campaign, the phishing email warned users that their account had been fraudulent and threatened a $699.99 fine if the victim did not take action.
But Jeremy Fuchs, marketing content manager at Avanan, wrote that the body of the email could warn cautious users that the email isn’t real.
“First, the grammar and spelling are all over the place. Second, the phone numbers listed have nothing to do with PayPal.”
At the same time, Fuchs said some users may decide to call the phone number to get more information about the email.
“The general goal is to call that number or follow up with more details. It’s also a chance to trick you on the phone.”
According to the Avanan team, there are several benefits of using PayPal for threat actors. For example, you can send many invoices at once for a professional look.
“Furthermore, the emails come directly from PayPal. The emails themselves are not malicious. Every day, we receive countless legitimate invoices sent through PayPal. and passes DMARC checks.”
To protect against such attacks, Avanan recommends that the security team look up the phone number in the email before calling. She also needs to implement advanced methods for checking if her email is clean and encourage a culture of transparency where users can ask her IT department for help if needed.
Campaign spotted by Avanan comes weeks after PayPal Notify thousands of US customers Their login was compromised over a month ago.
