For a phishing campaign to succeed, the cybercriminals behind it first need to make sure that their lures can reach potential victims, which is why they have recently resorted to using PayPal to send fake invoices.
According to a new report from Check Point-owned cybersecurity company Avanan, cybercriminals are now using the legitimacy of PayPal to reach the inboxes of unsuspecting users.
Beginning in June of this year, the company's security researchers first noticed this new technique, which uses PayPal to send malicious invoices and request payments. The cybercriminals behind this new campaign are using free PayPal accounts to send emails from the company's domain while spoofing the antivirus software brand Norton.
After creating an account, the cybercriminals use PayPal's features to create fake invoices, editing the business name and phone numbers to make them look more legitimate.
These fake invoices also include a message that reads: “Thank you for purchasing the Norton Security Premium plan, if you haven’t authorized this transaction, please contact us with your credit card details.”
Unsuspecting users who do not remember signing up for Norton antivirus may call the number and provide their credit card details to avoid the charge. However, in doing so, they willingly give the attackers their phone number and payment information, which can be used in future attacks.
fixed highway
This is not the first time that Avanan has observed cybercriminals abusing legitimate services in their attacks. In fact, just last month it released a report detailing how QuickBooks was used to carry out a very similar type of attack.
Since both QuickBooks and PayPal are on the allow lists of the best email services, emails sent from either service go directly to the user's mailbox. Avanan calls this the fixed highway, referring to the practice of cybercriminals using websites on persistent whitelists to ensure that phishing emails reach users' inboxes.
In this case, PayPal was notified of this new attack by Avanan on July 19 and the company plans to update its report with additional information as soon as it hears a response from the payments giant.
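Because the sender allow list is what lets these invoices through, a mail filter can still inspect the content of allow-listed invoice mail. The sketch below is an added example, not code from Avanan or PayPal; the sender domains, brand watch list, regular expressions and the phone number in the sample are assumptions constructed for illustration, and sender authentication is assumed to have been checked earlier in the pipeline.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: the article names the services, not these domains.
ALLOW_LISTED_SERVICES = {"paypal.com", "intuit.com"}
THIRD_PARTY_BRANDS = ("norton", "mcafee", "geek squad")  # assumed watch list
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
LURE_RE = re.compile(
    r"(?:haven'?t|did not|didn'?t) authori[sz]ed?|credit card details|contact us", re.I)

def sender_domain(msg):
    """Domain part of the From address, lower-cased."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def body_text(msg):
    """Concatenate the text/plain parts, or return the single payload."""
    if msg.is_multipart():
        return "\n".join(p.get_payload() for p in msg.walk()
                         if p.get_content_type() == "text/plain")
    return msg.get_payload()

def invoice_lure_findings(raw):
    """Content checks for mail that a sender allow list would pass unexamined."""
    msg = message_from_string(raw)
    domain = sender_domain(msg)
    if not any(domain == d or domain.endswith("." + d) for d in ALLOW_LISTED_SERVICES):
        return []  # other senders go through the normal filtering path
    text = body_text(msg)
    findings = [f"third-party brand: {b}" for b in THIRD_PARTY_BRANDS if b in text.lower()]
    if PHONE_RE.search(text):
        findings.append("phone number in invoice note")
    if LURE_RE.search(text):
        findings.append("asks recipient to make contact or share card details")
    return findings

def should_hold_for_review(raw):
    return len(invoice_lure_findings(raw)) >= 2  # require two agreeing signals

def sample(sender, body):  # builds constructed test messages, not real mail
    return f"From: {sender}\nSubject: Invoice\n\n{body}"

LURE = sample("service@paypal.com", "Thank you for purchasing the Norton Security "
              "Premium plan, if you haven't authorized this transaction, please contact "
              "us with your credit card details. Call +1 (202) 555-0143.")
BENIGN = sample("service@paypal.com", "Invoice from Example Garden Supplies for "
                "2 planters. View and pay the invoice in your account.")

if __name__ == "__main__":
    print(should_hold_for_review(LURE), should_hold_for_review(BENIGN))
```

Requiring two signals keeps ordinary invoices, which may legitimately contain a seller's phone number, out of the review queue.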
How to avoid falling victim to this and other phishing scams
In order to avoid this phishing scam, users first need to monitor their inbox and PayPal accounts for fake invoices. If you receive an invoice for a product or service that you don’t remember buying, you should check your PayPal account first to see if you ordered something and forgot about it. However, you should not call the phone number on any fake invoices or provide your credit card details over the phone to anyone.
For those who are curious about the phone number on a fake bill, Avanan advises users to look the number up in a search engine first. You can also check the company's website to see if the phone number provided on the invoice matches the number listed there.
Another big thing to look for when it comes to scam emails is a sense of urgency. Cybercriminals and scammers often give potential victims a short time frame to respond to their messages; this is a big red flag for phishing scams and emails.
Now that Avanan has raised awareness of the fact that cybercriminals are abusing legitimate services to send phishing emails, it is likely that companies that are being spoofed will require users to provide more details when they sign up, to prevent misuse of their services.