PayPal scams come in all shapes and sizes, from email-based social engineering schemes to bogus posts and websites that try to trick customers into providing personal data, money and login information.
According to Bitdefender Antispam Lab, PayPal phishing emails are common, with antispam filtering technology flagging bogus correspondence impersonating the online payment system every month.
While most fraudulent correspondence is based on recycled email templates or texts, cyber crooks sometimes go off course to maximize profits and sneak past email filtering software or users’ phishing awareness and knowledge.
On Monday, Bitdefender Labs detected a new phishing campaign targeting PayPal users worldwide. The scam notification email is sent through PayPal's official system ([email protected]), allowing threat actors to generate and edit various invoices to trick unsuspecting users. By sending an official-looking invoice via compromised or free PayPal business accounts, scammers have endless opportunities to defraud consumers.
In one sample, the attackers tell recipients they have been charged $637 for security software from a well-known provider that is about to be delivered to a different email recipient.
The embedded link takes users to a PayPal webpage containing the invoice details and warns of suspicious activity on their account.
“There is evidence that your PayPal account has been accessed unlawfully,” the message reads. “Above amount has been debited to your account for the [redacted] Software Purchase.”
In this scam, cybercrooks were crafty enough not to rely on traditional phishing tactics such as links or malicious attachments. Instead, in most samples, they ask email users to call a fake toll-free phone number.
Other variations include purchases of Walmart gift cards worth $620 and purchases of digital currencies, including Tether and Cardano.
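Because these invoices arrive from PayPal's own mail system, sender reputation alone will not flag them; the signal is in the body, where urgent wording sits next to a phone number to call. The following Python heuristic is an added example, not Bitdefender's detection logic: the two sample messages, the sender local part, the phone number and the keyword lists are constructed placeholders or assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples: sender local part and phone number are placeholders.
LURE = """\
From: service <constructed-sender@paypal.com>
Subject: Invoice from Billing Department
Content-Type: text/plain; charset=utf-8

There is evidence that your PayPal account has been accessed unlawfully.
Above amount has been debited to your account for the Software Purchase.
Amount: $637.00 USD. To dispute, call toll-free +1 (800) 555-0100.
"""
RECEIPT = """\
From: service <constructed-sender@paypal.com>
Subject: Receipt for your payment
Content-Type: text/plain; charset=utf-8

You sent $12.00 USD to Example Shop. Transaction ID: 8AB12345CD
"""

TRUSTED = {"paypal.com"}  # assumption: sender domains that pass SPF/DKIM checks
PHONE = re.compile(r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
PRESSURE = re.compile(r"accessed unlawfully|has been debited|suspicious activity", re.I)
CALL = re.compile(r"\b(?:call|dial|contact)\b", re.I)

def text_body(msg):
    """Concatenate every text/plain part of the message."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in parts)

def classify(raw):
    """Flag mail from a trusted sender whose body pushes the reader to phone a number."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    body = text_body(msg)
    phones = PHONE.findall(body)
    pressure = sorted({m.lower() for m in PRESSURE.findall(body)})
    lure = domain in TRUSTED and bool(phones) and bool(pressure) and bool(CALL.search(body))
    return {"trusted_sender": domain in TRUSTED, "phones": phones,
            "pressure": pressure, "verdict": "callback-lure" if lure else "ok"}

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("receipt", RECEIPT)):
        print(name, classify(raw))
```

A hit is a reason to quarantine or banner the message for review, since a genuine invoice can also carry a merchant's phone number.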
Fraudulent phone numbers included in the correspondence include:
How to protect your data and money
Cybercrooks will do anything in their power to convince you that the correspondence you are reading is legitimate. To guard against a phishing attack, use your common sense and:
The scammers behind this attack have deliberately mentioned that the “transaction will appear in the automatically deducted amount on PayPal activity after 24 hours” to throw you off their trail.
Ever wonder how spammers got your email address or phone number? Use Bitdefender Digital Identity Protection to find out if your personal information has been leaked online or has been part of a data breach to protect against identity theft, account takeover attacks and other privacy risks.
Bitdefender Digital Identity Protection continuously monitors your personal information, alerting you in real time in case of data breaches and leaks. This lets you immediately change your passwords and secure your accounts to prevent financial loss or even social media impersonation, which can ruin your reputation.
Managing your digital footprint has never been easier. With our dedicated privacy tool, you can:
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.