(malwarebytes.com) Scammers Exploit PayPal’s Legitimate Services to Deliver Deceptive Payment Notifications
-
(malwarebytes.com) Scammers Exploit PayPal’s Legitimate Services to Deliver Deceptive Payment Notifications
New PayPal-themed phishing campaign abuses legitimate email notifications, bypassing DKIM/SPF/DMARC via manipulated subject lines. Attackers alter genuine PayPal payment emails to falsely claim pending charges (e.g., $987.90) while the body shows nominal amounts (e.g., ¥1 JPY).
In brief - Scammers exploit PayPal’s email system to send verified but deceptive payment alerts, tricking users into calling fraudulent support numbers. The attack leverages social engineering and PayPal’s remittance fields to weaponize subject lines, evading traditional email security.
Technically - The campaign abuses PayPal’s payout templates, where arbitrary text in note/remittance fields surfaces in subject lines. Emails originate from service@paypal.com and pass authentication checks, but the subject line is altered to include fake charges and scammer contact details. Victims are coerced into installing remote access tools or divulging credentials.
-
R relay@relay.infosec.exchange shared this topic
