
Hackers Hijack PayPal’s System To Send Convincing Scam Emails
A recent scam is targeting PayPal users by sending fake emails that appear to come from PayPal’s official address, “service@paypal.com.”
In a Rush? Here are the Quick Facts!
- Victims are tricked into calling a fake support number for account recovery.
- Scammers use remote access software to steal personal and financial information.
- PayPal is aware of the scam and working on prevention measures.
The most concerning part of this scam is that attackers are using legitimate PayPal emails. Since these messages are properly authenticated, they bypass security filters and spam protections, as noted by Forbes.
This makes it more likely that recipients will trust the email and follow the instructions, ultimately giving scammers access to their PayPal accounts.
The scam, first reported by Bleeping Computer, uses these emails to claim that a new shipping address has been added to an account and includes a message about a supposed purchase, such as a MacBook M4 Max 1 TB priced at $1,098.95.
The email urges recipients to call a provided phone number if they did not authorize the change. The researchers explain that scammers exploit PayPal’s “gift address” feature, which allows users to add multiple shipping addresses to their accounts.
By inserting fraudulent messages into the address fields, they trigger legitimate confirmation emails from PayPal to their own email addresses.
These emails are then forwarded to a broader list of targets, making it appear as though PayPal is directly contacting them. Since these emails originate from PayPal’s servers, they often bypass spam filters and seem authentic to recipients.
The primary goal is to alarm recipients into believing their account has been compromised. The email prompts them to call a fake customer support number. When victims call, scammers posing as PayPal representatives instruct them to download software under the guise of resolving the issue.
This software grants the scammers remote access to the victim’s computer, enabling them to steal personal information, install malicious programs, or access financial accounts.
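Because sender authentication passes, mail filtering has to look at other signals. The sketch below is an added example, not code from PayPal or the researchers: it flags an authenticated PayPal notification whose To: header names someone other than the receiving mailbox and whose body asks the reader to phone a number. It assumes forwarding leaves the original To: header intact and that the Authentication-Results header was added by your own mail server; the function name `triage`, the sample message and all addresses are constructed.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample (every address, host and number here is made up):
# a DKIM-passing notification whose To: header is not the receiving mailbox.
SAMPLE = """\
Authentication-Results: mx.example.net; dkim=pass header.d=paypal.com
From: "service@paypal.com" <service@paypal.com>
To: billing-list@example.org
Subject: You added a new address

You added a new address. This is just a quick confirmation.
Address: Your MacBook order of $1,098.95 is confirmed.
If you did not authorize this, call +1 (555) 010-0199
"""

PHONE = re.compile(r"\+?\d[\d\s().-]{8,}\d")   # loose phone-number shape
CALL = re.compile(r"\b(call|dial|contact)\b", re.I)

def triage(raw, mailbox):
    """Return reasons to hold an authenticated PayPal mail for review."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # Assumption: this header was stamped by our own receiving server.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    dkim_ok = "dkim=pass" in auth and "header.d=paypal.com" in auth
    if not (sender.endswith("@paypal.com") and dkim_ok):
        return []  # outside the authenticated-sender case covered here
    reasons = []
    # Assumption: forwarding kept the original To:, so it names the
    # address that triggered the notification, not this mailbox.
    named = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if mailbox.lower() not in {addr.lower() for _, addr in named}:
        reasons.append("addressed to someone other than this mailbox")
    body = " ".join(
        (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for part in msg.walk() if not part.is_multipart())
    if PHONE.search(body) and CALL.search(body):
        reasons.append("body asks the reader to phone a number")
    return reasons

if __name__ == "__main__":
    for reason in triage(SAMPLE, "alice@example.net"):
        print("review:", reason)
```

A recipient mismatch also occurs with BCC and mail aliases, so treat these results as reasons for manual review, not as a verdict.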
To safeguard against such scams, the researchers say that users should verify account changes by logging into their PayPal account directly through the official website or app rather than using contact details from suspicious emails.
Even if an email appears legitimate, links and attachments should not be opened unless their authenticity is confirmed.
The researchers explain that common red flags of phishing attempts include generic greetings like “Dear user,” urgent requests for immediate action, or notifications of unrecognized transactions.
Any suspicious communications should be forwarded to phishing@paypal.com before being deleted.
This security incident comes as PayPal faces increased scrutiny over its cybersecurity practices. In a separate case, the company was fined $2 million by New York’s Department of Financial Services for failing to prevent a data breach in late 2022.
The breach, which lasted seven weeks, exposed sensitive customer information, including Social Security numbers, due to PayPal’s failure to implement multifactor authentication and CAPTCHA.
The company has since strengthened its security measures by mandating multifactor authentication and enforcing stricter login protocols.
Bleeping Computer reports that PayPal has acknowledged the new scam and is working on measures to prevent such abuses of its system. In the meantime, users are advised to remain vigilant and proactive in protecting their accounts.