A recent phishing campaign has been uncovered by Fortinet, targeting PayPal users and using legitimate links to deceive victims and gain unauthorized access to their accounts. This new scheme has raised concerns among cybersecurity experts, who warn users to remain cautious of unsolicited emails, even if they appear to be legitimate.
The phishing emails in this campaign closely mimic PayPal notifications: they carry payment details and warnings, come from a genuine sender address, and point to a legitimate PayPal URL, which lets them pass security checks. Clicking the link takes the recipient to the real PayPal login page, where a payment request is displayed. A panicked user may log in and, by doing so, inadvertently link their PayPal account to the scammer's address behind the phishing email rather than to the address the message appeared to come from, which can lead to account compromise.
According to a report published by Fortinet, the scammers behind this campaign appear to have registered a Microsoft 365 test domain, which comes with a three-month free trial. They then created a Distribution List (Billingdepartments1[@]gkjyryfjy876.onmicrosoft.com) containing the email addresses of their victims. Finally, they requested money through the PayPal web portal, entering the distribution list as the recipient address.
The clever twist in this phishing campaign lies in Microsoft 365's Sender Rewrite Scheme (SRS), which rewrites the envelope sender address when the distribution list relays the message to its members, so the forwarded mail still passes SPF/DKIM/DMARC checks. As a result, the scammer's account (Billingdepartments1[@]gkjyryfjy876.onmicrosoft.com) becomes linked to the victim's PayPal account once the victim logs in to investigate the payment request. This tactic lets the scammer take control of the victim's PayPal account without triggering traditional phishing detection mechanisms.
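The mechanism above leaves traces in the message headers that a mail-filtering or triage rule can check: the envelope sender (Return-Path) has been SRS-rewritten by a tenant domain that is not PayPal's, and the recipient shown in To: is the distribution list rather than the victim's own mailbox. The following Python script is an added example written for this article, not code from Fortinet's report; the two header samples are constructed (the list address is the one quoted in the report), and the two SRS address shapes the parser understands (classic `SRS0=` and Microsoft 365's `bounces+SRS=`) are assumptions from general knowledge of SRS, not something the report states.

```python
"""Header triage for the forwarded-payment-request pattern (added example)."""
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed SRS shapes (not from the report):
#   Microsoft 365: bounces+SRS=<hash>=<ts>=<orig-domain>=<orig-local>@<rewriting-domain>
#   classic SRS0:  SRS0=<hash>=<ts>=<orig-domain>=<orig-local>@<rewriting-domain>
_SRS_RE = re.compile(
    r"^(?:bounces\+SRS|SRS0)=[^=]+=[^=]+="
    r"(?P<orig_domain>[^=]+)=(?P<orig_local>[^@]+)@(?P<rewriter>.+)$",
    re.IGNORECASE,
)


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if it has none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def decode_srs(addr: str):
    """Return the original sender and the rewriting domain if addr is SRS-encoded."""
    m = _SRS_RE.match(addr)
    if not m:
        return None
    return {
        "original_sender": f"{m['orig_local']}@{m['orig_domain']}".lower(),
        "rewriting_domain": m["rewriter"].lower(),
    }


def triage(raw_message: str, mailbox: str, trusted_domains=("paypal.com",)) -> list:
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    visible = {a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    findings = []

    srs = decode_srs(return_path)
    if srs:
        findings.append(
            f"envelope sender was SRS-rewritten by {srs['rewriting_domain']} "
            f"(original sender {srs['original_sender']})"
        )
    # A trusted From: domain whose bounce address belongs to someone else means
    # the mail reached us through a relay (here: a third-party distribution list).
    if domain_of(from_addr) in trusted_domains and domain_of(return_path) not in trusted_domains:
        findings.append(f"From: is {from_addr} but Return-Path domain is {domain_of(return_path)}")
    if mailbox.lower() not in visible:
        findings.append("our mailbox is not a visible recipient; delivered via a list or alias")
    return findings


# Constructed sample: a PayPal request relayed through the attacker's M365 list.
SUSPICIOUS = """\
Return-Path: <bounces+SRS=abc12=XY=paypal.com=service@gkjyryfjy876.onmicrosoft.com>
From: "service@paypal.com" <service@paypal.com>
To: Billingdepartments1@gkjyryfjy876.onmicrosoft.com
Subject: You have a money request

Please review the payment request.
"""

# Constructed sample: a direct PayPal notification to the user's own mailbox.
LEGITIMATE = """\
Return-Path: <service@paypal.com>
From: "service@paypal.com" <service@paypal.com>
To: victim@example.com
Subject: Receipt for your payment

Thanks for your payment.
"""

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(label, triage(sample, "victim@example.com"))
```

The three checks are independent, so a mail-filtering rule can weight them separately: an SRS-rewritten Return-Path alone is common for legitimate forwarders, but combined with a trusted From: domain and an invisible recipient it matches the pattern the report describes closely enough to quarantine or flag for review.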
To protect themselves from such attacks, users are advised to exercise caution when interacting with unsolicited emails, even ones that look genuine. The report emphasizes the importance of a well-trained “Human Firewall” within organizations – individuals who stay vigilant and cautious when dealing with potentially malicious emails.
Security experts stress the need for ongoing cybersecurity training to educate employees on how to identify and respond to phishing attempts effectively. By raising awareness and fostering a culture of cybersecurity vigilance within organizations, they can better shield themselves and their sensitive information from cyber threats.
As phishing attacks continue to evolve and become more sophisticated, it is crucial for individuals and organizations to remain informed and proactive in their cybersecurity practices. By staying vigilant and taking precautionary measures, users can help safeguard their personal and financial information from falling into the hands of cybercriminals.