This PayPal scam exploits new address feature to send out phishing scam emails

News
By
published

No, you didn't get a notification from PayPal

PayPal
  • New phishing technique discovered abusing PayPal
  • The attack uses a feature recently added to the payments platform
  • The goal is to get victims to install remote desktop access software

A sophisticated phishing scam has been spotted abusing PayPal and other services, with the goal of tricking people into granting cybercriminals access to their devices.

Researchers from BleepingComputer who, themselves, received one such phishing email, and decided to investigate further.

The victims would get an email directly from “service@paypal.com” claiming a new address had been added to their account, and that a purchase of a new MacBook M4 laptop was completed. The victims were then invited to call a phone number enclosed with the email, if they wish to cancel the order.

Abusing legitimate services

Obviously, all of this is fake. There is no new address, no MacBook, and the phone number - while active - does not belong to PayPal, but rather to the scammers. The goal is to scare people into rash decisions, calling the phone number to quickly cancel the order. The person on the other side would claim the computer was compromised, and that they needed to install an antivirus to clean it up.

This antivirus is actually a ConnectWise ScreenConnect client, which would grant the attackers total control over the computer. After that, they can steal the data, make actual wire transfers, and more.

One thing that actually isn’t fake is PayPal’s email address. As BleepingComputer discovered, PayPal recently introduced a new feature that allows users to add “gift addresses” to their own profiles. So, in reality, the attackers actually added a new address to their own account.

After adding a new address, PayPal can send a customized notification email. This customization allowed the attackers to add the “You purchased a new MacBook phishing message.”

The notification message was then automatically forwarded to another account which, the publication speculates, is a mailing list that forwarded it to the victims.

PayPal users getting this email can safely ignore it. If you’re still suspicious, navigate directly to paypal.com and check to see if there is a new address added (there isn’t).

Via BleepingComputer

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

More about security
Kaspersky Report on Stalkerware

Security flaw in popular stalkerware apps is exposing phone data of millions
Close up of a person touching an email icon.

Top US mineral firm hit by cyberattack that saw thieves steal $500,000
Cooling system of powerful graphics card, heat produced by data processing, computation and bitcoin mining

What is a normal temperature for a GPU?
See more latest