Phishing scam uses PayPal to send malicious invoices to potential victims


Jul 25, 2022 #"Technology Docking Stations, #Absorbable Modified Polymers Technology, #Advanced Technology Grants Pass, #Aidan'S Professional Technology Services, #Albuquerque Nm Information Technology Recruiters, #Bhd Technology Vr, #Catholic ""Information Technology, #Ceo Comcast Technology, #Computer Technology Electronic, #Current Applications Of Rdna Technology, #Disadvantages Technology Law, #Ferrum Technology Services, #Fundamentals Of Medical Laboratory Technology, #Gmu Department Of Information Technology, #Hornborg Alf Technology Effects, #I'M Done Working In Technology, #James V. Arms Technology, #Jurassic Park Technology Analysis, #Liquidmetal Technology News, #Llc, #Mathey Technology And Engineering, #Medical Technology In 500 Bc, #Musc Library Technology Downloads, #New Jersey Technology Office Space, #Pc Ralley Technology, #Ridge Technology Services, #Technology 3x Reverse Etf, #Technology Abuse Use, #Technology Adoption Three Types, #Technology Advantage Info, #Technology And Improving Menial Jobs, #Technology Classroom Building 311, #Technology Companys In Usa, #Technology Distracting Studying Students, #Technology Enablement White Paper, #Technology Images For Ppt, #Technology Impact On Finance Departments, #Technology In Chennai, #Technology In Greek Translation, #Technology Into History Lesson, #Technology Is Electricity Ted Talks, #Technology Professionals Of British Columbia, #Technology Relatesecuirty Topics, #Technology Studies Emu, #Technology To Prevent Medication Errors, #Technology Want What Ails Look, #Tesla Technology Roadmap, #Veterinary Assisting Vs Veterinary Technology", #Wentworth Institute Of Technology Animation, #What Is Today'S Technology, #With The Arise Of Technology

Security researchers have discovered a phishing scam that involves hackers using PayPal Holdings Inc. accounts to send malicious invoices to potential victims.

Detailed today by researchers at Avanan, the scam involves hackers sending malicious invoices from PayPal’s domain, using a free PayPal account they have signed up for. The body of the emails sent spoof brands such as Norton to trick victims into thinking they were legitimate.

Resembling a similar scam that used fake invoices sent from Quickbooks detailed earlier this month, the PayPal invoices include messages such as “thank you for purchasing Norton Security Premium plan, if you have not authorized this transaction, please call us with your credit card details.”

Called a “double spear” attack, the scam makes the users call the number and, when it’s called, the hackers try to make the users pay the invoice, obtaining their credit card details in the process.

The researchers warn that anyone receiving an invoice should Google the number and check accounts to see if there were any charges. In a corporate setting, anyone receiving an invoice is urged to ask the information technology department about of the legitimacy of an email.

“The attack is a reminder of the genius and persistence of threat actors,” Mark Arnold, vice president of advisory services at information security consulting firm Lares LLC, told SiliconANGLE. “They continue to build new tactics on existing ones to profit from security loopholes. Vendors and end users must increase due diligence against new tactics exploiting a combination of trusted applications like email, QuickBooks and PayPal. There are certainly others that attackers are curating to exhaust this tactic before the security loophole is closed.”

Patrick Tiquet, vice president, security and architecture at zero-knowledge cybersecurity software company Keeper Security Inc., noted that this is a very difficult class of phishing attack to counter with the usual technology-based tools.

“Prevention of this kind of attack really comes down to training and awareness,” Tiquet explained. “Users must be made aware that this kind of attack exists and how to recognize it. This is the only way of preventing this, short of filtering and analyzing all emails that appear to be an invoice.”

Image: Avanan

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

By lita