Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label PayPal Scam. Show all posts
Subscription Abuse
Cyber Fraud Identity Theft PayPal Scam Phishing Campaign Subscription Abuse

PayPal Subscriptions Exploited in Sophisticated Email Scam

 

Hackers have found a clever way to misuse PayPal's legitimate email system to send authentic looking phishing scams that are able to bypass security filters and look genuine to the end users.

Over the last few weeks, users are complaining that they are receiving emails from PayPal's legitimate address "service@paypal.com" informing that their automatic payment has expired. The emails successfully pass all the usual security checks such as DKIM and SPF authentication and have proved to be coming directly from PayPal’s mail servers. 

One of the reasons these messages are potent is that the scammers have altered the Customer Service URL to take users to their own websites from where they can see fake purchase notifications, claiming victims have purchased high-priced electronics such as MacBooks, iPhones, or Sony devices for USD 1,300 to 1,600.

The spam text message contains Unicode characters which can make the words bold or in different fonts, all this is to help to get round spam filters and keyword detection. Instead, the messages tell recipients to call a phony “PayPal support” phone number to cancel or dispute the alleged charges. 

BleepingComputer's analysis of logs and transactions shows that the PayPal Subscriptions feature is being abused by scammers. When merchants hold a subscriber's subscription, they can do so with their own mechanism, and PayPal, in turn, will notify subscribers via email. PayPal seems to be vulnerable to a subscription metadata attack - perhaps in an API or legacy platform - which lets attackers insert arbitrary text in the Customer Service URL field (it normally only accepts valid URLs). 

The scammers can forge emails and register a fake subscriber account for an email address associated with Google Workspace mailing list. When these accounts receive the notification from PayPal, the mailing list service sends what looks like a legitimate e-mail from PayPal to the list of "victims", making it looks more and more like a scam.

Safety measures

Recipients should ignore these emails and avoid calling the provided phone numbers. These tactics historically aim to facilitate bank fraud or trick victims into installing malware on their devices . PayPal confirmed awareness of the scam and recommends customers contact support directly through the official PayPal app or website if they suspect fraudulent activity. Users concerned about account compromise should log into their PayPal account directly rather than clicking email links to verify whether any unauthorized charges actually occurred.
Read more »
Phishing scam
Cyber Fraud Google Ads Malicious Campaign PayPal Scam Phishing scam

Scammers Exploit Google and PayPal’s Infrastructure to Steal Users Private Data

 

Cybersecurity experts discovered a sophisticated phishing campaign that used Google Ads and PayPal's infrastructure to defraud users and obtain sensitive personal information. 

The attackers abused vulnerabilities in Google's ad standards and PayPal's "no-code checkout" feature to create fake payment links that appeared authentic, duping victims into communicating with fake customer care agents. 

Malicious actors created fraudulent adverts imitating PayPal. These adverts shown in the top search results on Google, displaying the official PayPal domain to boost user trust. A flaw in Google's landing page regulations allowed these advertisements to send consumers to fraudulent sites hosted on PayPal's legitimate domain.

The URLs used the format paypal.com/ncp/payment/[unique ID], which was designed to allow merchants to securely accept payments without requiring technical knowledge. 

Scammers took advantage of this functionality by customising payment pages with misleading information, such as fake customer service phone numbers labelled as "PayPal Assistance." Victims, particularly those using mobile devices with limited screen area, were more likely to fall for the scam due to the challenges in spotting the fake nature of the links. 

Mobile devices: A key target 

Due to the inherent limitations of smaller screens, mobile users were the campaign's main target. Users of smartphones frequently rely on the top search results without scrolling further, which increases their vulnerability to clicking on malicious ads. Additionally, once they were directed to the phoney payment pages, users would see PayPal's official domain in their browser address bar, which further confirmed the scam's legitimacy. 

Victims who called the fake help numbers were most likely tricked into disclosing sensitive information or making unauthorised payments. According to MalwareBytes Report, this attack highlights how cybercriminals may use trusted platforms such as Google and PayPal to conduct sophisticated scams. Scammers successfully bypassed typical security measures by combining technical flaws with social engineering techniques, preying on people' trust in well-known brands.

The campaign has been reported to Google and PayPal, yet new malicious adverts utilising similar techniques continue to appear. Experts advise people to use caution when interacting with online adverts and to prioritise organic search results above sponsored links when looking for legitimate customer service information. Security technologies such as ad blockers and anti-phishing software can also help to reduce risks by blocking malicious links.
Read more »
Subscribe to: Comments (Atom)