That PayPal alert email could just be a phishing scheme
PayPal is being impersonated by scammers once again
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
A newly discovered phishing campaign sees cybercriminalsimpersonatingPayPal as they try to scare victims into giving away sensitive information.
Cybersecurity researchers from email security company Avanan recently spotted a new campaign that has so far been, relatively successful due to the fact that it doesn’t carry any links.
Usually,phishingworks by redirecting people to malicious websites, via links shared in anemail. In this campaign, however, there are no links present in the emails, which renders most email security solutions useless.
Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at theend of this surveyto get the bookazine, worth $10.99/£10.99.
Two possible scenarios
It starts in a similar fashion to all other campaigns - the victim will get an email, claiming to be from PayPal, saying they’ve purchased $500 worth of Dogecoin, and that if they want to cancel the order, they should call the number provided further below.
While we don’t know what happens should a victim actually call that number, there are two possibilities. Either the attackers try and persuade the victims into giving away sensitive information (for example, PayPal login data, or credit card info), or they “cancel” the pending Dogecoin order and go about their day.
In the latter scenario, what the attackers walk away with is the victim’s phone number, which can then be used to mount a more serious attack.
“Just one successful attack can lead to dozens of other ones,” the researchers said.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Watch out - that PayPal email could be a phishing attack>Watch out for this devious PayPal phishing campaign>A nasty new PayPal phishing campaign is doing the rounds
The phone number listed in the email is located in Hawaii, the researchers have found, but chances are, it’s just a routing number, and the actual threat actors are located elsewhere.
Major companies, such as PayPal, orMicrosoft, are often impersonated by threat actors trying to scam people. To stay safe, it is important to always double-check the email address of the sender, make sure the email doesn’t have any suspicious typos or spelling errors, and make sure not to click any links, or download any attachments.
The attachments are most likelyvirusesor other forms ofmalware.
Most major companies have instant messaging customer support, as well as social media accounts, which can be used to verify whether or not they’d really sent out the email or not.
Via:Tom’s Guide
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
Your next smartwatch could be battery-free – and powered by your skin
