
Phishing on behalf of PayPal — hackers use real company emails

Published by Andrii Rusanov

It seems that using real company servers is becoming a trend among hackers. ITC.ua recently wrote about Google; now PayPal users are «in the sights».

As in the case of Google, the attackers masquerade as a genuine support service in order to take over the user’s account data. The emails are identified as genuine, pass DKIM verification, and do not end up in spam. They inform users that an address has been added to their account for an expensive purchase. Frightened recipients are directed to the fraudsters’ phone numbers for further communication, which the fraudsters use to gain access to their accounts.

Over the past month, users have received emails from PayPal with the following content: «You have added a new address. This is just a quick confirmation that you have added an address to your PayPal account». The email contains the new address that the user supposedly added to PayPal, along with a message that purports to be a confirmation of the MacBook M4 purchase, and a request to call the purported PayPal support number to cancel the purchase.

Fraudulent message allegedly from PayPal / BleepingComputer

«Confirmation: Your MacBook M4 Max 1TB ($1098.95) shipping address has been changed. If you haven’t authorized this update, please contact PayPal at +1-888-668-2508», the email says.

The messages are sent from the address «service@paypal.com», and therefore cause the victim real concern. However, those who receive them confirm that no new addresses have been added to their accounts. Interestingly, the emails are also sent to users’ email addresses that are not linked to a PayPal account.
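Because these emails pass DKIM and really come from «service@paypal.com», sender checks alone cannot separate them from ordinary notifications. The following is an added example, not code from the original publication or from PayPal, of a content-based triage check. The headers, the receiving server name and the benign sample are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string

# North American phone formats such as the +1-888-... number quoted in the email.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}")
# Wording that urges the reader to phone someone about a change they did not make.
LURE_RE = re.compile(
    r"(?:haven.t|not|didn.t)\s+authoriz\w+|\b(?:contact|call)\b.{0,40}\bat\b",
    re.I | re.S)

def dkim_passed(msg):
    """True if an Authentication-Results header reports dkim=pass.
    Assumption: the header was written by your own receiving mail server."""
    results = msg.get_all("Authentication-Results") or []
    return any(re.search(r"\bdkim=pass\b", r, re.I) for r in results)

def triage(raw):
    """Return DKIM status, phone numbers found, and a delivery verdict."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # samples below are single-part plain text
    phones = PHONE_RE.findall(body)
    lure = bool(LURE_RE.search(body))
    # DKIM shows which domain signed the message. It does not vouch for text
    # that ended up inside the notification, so it is reported but not used
    # to clear the message.
    verdict = "review" if phones and lure else "deliver"
    return {"dkim_pass": dkim_passed(msg), "phones": phones, "verdict": verdict}

# Constructed headers (mx.example.net is a placeholder receiving server).
HEADERS = ("From: service@paypal.com\n"
           "Authentication-Results: mx.example.net; dkim=pass header.d=paypal.com\n"
           "Subject: You have added a new address\n\n")
# Body text as quoted in the article.
LURE_SAMPLE = HEADERS + (
    "You have added a new address. This is just a quick confirmation that "
    "you have added an address to your PayPal account.\n"
    "Confirmation: Your MacBook M4 Max 1TB ($1098.95) shipping address has "
    "been changed. If you haven't authorized this update, please contact "
    "PayPal at +1-888-668-2508\n")
# Constructed benign notification with an ordinary postal address.
PLAIN_SAMPLE = HEADERS + (
    "You have added a new address. This is just a quick confirmation that "
    "you have added an address to your PayPal account.\n"
    "221 Constructed Ave, Springfield, IL 62704\n")

if __name__ == "__main__":
    for name, raw in (("lure", LURE_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(name, triage(raw))
```

Both samples report a DKIM pass, yet only the one that pairs a phone number with a call-back request is held for review.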

So the recipient believes that their account has been hacked to buy a MacBook and calls the fake PayPal support number, which belongs to the fraudsters. In response, a recording is automatically played saying that the caller has reached PayPal support and needs to wait for an operator. The person on the other end of the line then tries to scare the user and convince them to download and run software from a website, which will allegedly allow company employees to restore access to the account and block the transaction.

The site from which fake PayPal support demands to download the file / BleepingComputer

BleepingComputer advises that if you receive an email like this, you should simply ignore it and check your PayPal account to make sure that no strange address or purchases have been attached to it. The original publication describes the technical details of the fraud. The researchers write that they were able to understand how such emails are generated and that some restrictions on the part of PayPal could prevent phishing.