PayPal scams come in all shapes and sizes, from email-based social engineering schemes to bogus posts and websites that try to trick customers into providing personal data, money and login information.
According to Bitdefender Antispam Lab, PayPal phishing emails are common, with antispam filtering technology flagging bogus correspondence impersonating the online payment system every month.
While most fraudulent correspondence is based on recycled email templates or texts, cyber crooks sometimes go off course to maximize profits and sneak past email filtering software or users’ phishing awareness and knowledge.
On Monday, Bitdefender Labs detected a new phishing campaign targeting PayPal users worldwide. The scam notification email is sent through PayPal's official system ([email protected]), allowing threat actors to generate and edit various invoices to trick unsuspecting users. By sending an official-looking invoice via compromised or free PayPal business accounts, scammers have endless opportunities to defraud consumers.
In one sample, the attackers tell recipients they have been charged $637 for security software from a well-known provider that is about to be delivered to a different email recipient.
The embedded link takes users to a PayPal webpage containing the invoice details and warns of suspicious activity on their account.
“There is evidence that your PayPal account has been accessed unlawfully,” the message reads. “Above amount has been debited to your account for the [redacted] Software Purchase.”
In this scam, cybercrooks were crafty enough to not use brick-and-mortar phishing tactics such as links or malicious attachments. Instead, they ask email users to call a fake toll-free phone number (in most samples).
Other variations include purchases for Walmart gift cards of $620 in value and purchases for digital currencies including Tether and Cardano.
Fraudulent phone numbers included in the correspondence include:
How to protect your data and money
Cybercrooks will do anything in their power to convince you that the correspondence you are reading is legitimate. To guard against a phishing attack, use your common sense and:
The scammers behind this attack have deliberately mentioned that the “transaction will appear in the automatically deducted amount on PayPal activity after 24 hours” to throw you off their trail.
Ever wonder how spammers got your email address or phone number? Use Bitdefender Digital Identity Protection to find out if your personal information has been leaked online or has been part of a data breach to protect against identity theft, account takeover attacks and other privacy risks.
Bitdefender Digital Identity Protection continuously monitors your personal information, alerting you in real time in case of data breaches and leaks. This lets you immediately change your passwords and secure your accounts to prevent financial loss or even social media impersonation, which can ruin your reputation.
Managing your digital footprint has never been easier. With our dedicated privacy tool, you can:
tags
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
View all postsDecember 19, 2024
November 14, 2024