A phishing campaign from a legitimate PayPal Business account
A recent investigation revealed the mechanics of a sophisticated phishing attack using emails sent from a legitimate PayPal address.
Phishing attacks are becoming ever more complex, and the most advanced employ lures that seem as legitimate as possible. This is the case with a recent phishing attack targeting PayPal users, as detailed in an investigation by KrebsOnSecurity.
The hackers took control of a PayPal Business account and used it to email a group of customers, warning them that their PayPal accounts were possibly compromised.
The users were given a link to an invoice hosted on PayPal’s official website with this warning: "there is evidence that your PayPal account has been accessed unlawfully. $600.00 has been debited from your account for the Walmart eGift Card purchase".
The message concludes by asking users to contact a toll-free number if they did not make this transaction. If the victim calls this number, the person who answers claims to be from "customer service" and suggests that they download a piece of software. This software allows the fraudsters to take control of the target computer remotely—a much more lucrative goal than just access to a PayPal account.
The emails all come from a legitimate PayPal address, allowing them to pass anti-spam checks. Additionally, the fake invoice comes from a paypal.com subdomain. This leads even some of the most vigilant users to let their guard down.
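Because sender authentication succeeds for these messages, a mail filter has to judge the content of the invoice note rather than its origin. The sketch below is an added example, not code from the investigation or from PayPal: it flags a message whose body combines a payment alarm with a call-back phone number, whether or not authentication passed. The header values, the phone number and the keyword patterns are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample: headers and phone number are invented for illustration;
# the alarm wording follows the invoice note quoted in the article.
SAMPLE = """\
From: service@paypal.com
To: user@example.org
Subject: Invoice from Billing Department
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=paypal.com;
 dkim=pass header.d=paypal.com; dmarc=pass header.from=paypal.com
Content-Type: text/plain; charset=utf-8

There is evidence that your PayPal account has been accessed unlawfully.
$600.00 has been debited from your account for the Walmart eGift Card purchase.
If you did not make this transaction, call us toll-free at +1 (800) 555-0100.
"""

# Hypothetical patterns; tune them against your own mail before relying on them.
PHONE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
CALL = re.compile(r"\b(?:call|contact|phone|dial)\b", re.I)
ALARM = re.compile(
    r"accessed unlawfully|has been debited|did not make this transaction", re.I)

def auth_passed(msg):
    """True when the receiving server recorded DKIM and DMARC as pass."""
    results = " ".join(msg.get_all("Authentication-Results", []))
    results = re.sub(r"\s+", " ", results).lower()  # unfold continuation lines
    return "dkim=pass" in results and "dmarc=pass" in results

def triage(raw):
    """Return (suspicious, signals) for one raw single-part text message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    signals = []
    if auth_passed(msg):
        signals.append("sender-authenticated")
    if PHONE.search(body) and CALL.search(body):
        signals.append("callback-number")
    if ALARM.search(body):
        signals.append("payment-alarm")
    # Authentication identifies the sending service, not the intent of the
    # account holder, so content signals are scored regardless of it.
    suspicious = {"callback-number", "payment-alarm"} <= set(signals)
    return suspicious, signals

if __name__ == "__main__":
    print(triage(SAMPLE))
```
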