
New PayPal Phishing Scam Utilizes MS365 Tools and Authentic Emails


Fortinet’s FortiGuard Labs recently uncovered a sophisticated phishing scam targeting PayPal users, designed to exploit a vulnerability within the platform’s system. This scam, as identified by Fortinet’s Chief Information Security Officer, Carl Windsor, aims to deceive unsuspecting victims into linking their PayPal accounts to unauthorized addresses, potentially giving scammers control over their finances.

The modus operandi of this scam involves sending out authentic-looking emails with genuine sender addresses and URLs. The email directs recipients to a legitimate PayPal login page, where they are prompted to log in to investigate a supposed payment request. Unbeknownst to the victims, by logging into their PayPal accounts through these malicious links, they inadvertently link their accounts to the scammers, putting their financial well-being at risk.

Further investigation into this scam revealed that the attackers used a Microsoft 365 domain to send out PayPal money requests, bypassing traditional phishing filters. By registering an MS365 test domain and creating a Distribution List containing victim emails, the scammers were able to distribute legitimate PayPal money requests to their targets. The Microsoft 365 Sender Rewriting Scheme (SRS) rewrote the sender address of these emails, allowing them to pass SPF/DKIM/DMARC checks undetected.
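Because authentication results are clean in this scenario, a mail filter has to look at how the message was routed instead. The following Python sketch is an added example, not code from Fortinet or from this article: it flags messages whose envelope sender carries an SRS rewrite on a domain unrelated to the From domain and whose visible recipients do not include the receiving mailbox. The `+SRS=` marker in the Return-Path, the list address appearing in To, and all sample addresses and headers are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Local part carrying an SRS rewrite, e.g. "bounces+SRS=<hash>=<ts>" or "SRS0=...".
SRS_LOCAL = re.compile(r"(^|\+)SRS[01]?=", re.IGNORECASE)

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def relay_indicators(raw, mailbox):
    """Return header indicators that a message reached `mailbox` via a forwarding list."""
    msg = message_from_string(raw)
    from_dom = _domain(parseaddr(msg.get("From", ""))[1])
    env = parseaddr(msg.get("Return-Path", ""))[1]
    visible = {a.lower() for _, a in
               getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    found = []
    if SRS_LOCAL.search(env.rpartition("@")[0]):
        found.append("srs_rewritten_envelope")
    env_dom = _domain(env)
    if env and env_dom != from_dom and not env_dom.endswith("." + from_dom):
        found.append("envelope_domain_unrelated_to_from")
    if mailbox.lower() not in visible:
        found.append("mailbox_not_in_to_or_cc")
    return found

def needs_review(raw, mailbox):
    # Each indicator alone is common in benign mail (forwarding, BCC, bulk senders);
    # only the combination of all three is escalated to an analyst.
    return len(relay_indicators(raw, mailbox)) == 3

# Constructed sample headers (not taken from the reported campaign).
RELAYED = """\
Return-Path: <bounces+SRS=aBcDe=XY@example-tenant.onmicrosoft.com>
From: service@paypal.com
To: billing-list@example-tenant.onmicrosoft.com
Subject: Payment request

body
"""
DIRECT = """\
Return-Path: <bounce@mail.paypal.com>
From: service@paypal.com
To: alice@victim.example
Subject: Payment request

body
"""

if __name__ == "__main__":
    for name, raw in (("relayed", RELAYED), ("direct", DIRECT)):
        print(name, relay_indicators(raw, "alice@victim.example"))
```
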

Once a victim falls prey to this scam and logs into their PayPal account through the malicious link, the scammer’s account becomes linked to the victim’s account, enabling the scammer to take control of the victim’s PayPal account. This method cleverly bypasses PayPal’s phishing detection mechanisms, making it difficult for users to recognize the request as a scam.

In response to this evolving threat, Windsor emphasized the importance of maintaining a vigilant approach to cybersecurity. He highlighted the significance of being cautious of unsolicited emails, refraining from clicking on links or attachments from unknown senders, verifying URLs by hovering over them, and refraining from entering login credentials on unfamiliar websites. Additionally, enabling two-factor authentication (2FA) on PayPal accounts can provide an extra layer of security against such phishing attempts.

This latest phishing scam underscores the critical need for cybersecurity awareness among users. By staying informed and adopting best practices for online security, individuals can protect themselves from falling victim to such fraudulent schemes. As cybercriminals continue to devise increasingly complex and deceptive tactics, it is essential for users to remain vigilant and proactive in safeguarding their digital assets and personal information.
