Phishing Scam Sends Invoice From Compromised PayPal Account
There's a new PayPal phishing scam making the rounds and this one is particularly troubling because it appears to originate from within PayPal.
Scammers are using PayPal Business accounts to send invoices/emails via PayPal that warn of suspected fraud tied to a pending $$$ charge. All links in invoice/email go to paypal. Those who call the tollfree # are asked to d/l remote administration software https://t.co/L2oaYmAMu3
— briankrebs (@briankrebs) August 18, 2022
Security expert Brian Krebs of Krebs on Security explains how the scam works:
Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives — which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction — state that the user’s account is about to be charged hundreds of dollars.
Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote control over their computer.
It appears the fraudsters are using compromised PayPal business accounts to send these invoices, which makes the message all the more convincing because it does come from a real PayPal account which means all links in the email will legitimately lead to the real PayPal website and the email headers will pass validation as a real email sent by PayPal.
The emailed invoice includes the following message:
"There is evidence that your PayPal account has been accessed unlawfully.
$600.00 has been debited to your account for the Walmart Gift Card purchase. This transaction will appear in the automatically deducted amount on PayPal activity after 24 hours. If you suspect you did not make this transaction, immediately contact us at the toll-free number..."
Here's where the scam really gets tricky - they seem to be less interested in getting your PayPal login or tricking you into paying an invoice and much more interested in causing you to panic at an unrecognized $600 charge and calling the toll free customer service number they've provided for "help".
That phone number apparently connects to a "customer service" rep who then attempts to get the victim to allow remote access to their computer to resolve the issue.
As Krebs explains, the real prize for these fraudsters is complete control over your computer which would give them access to a treasure trove of personal data, emails, and stored password information.
A call to the toll-free number listed in the invoice was received by a man who answered the phone as generic “customer service,” instead of trying to spoof PayPal or Walmart. Very quickly into the conversation he suggested visiting a site called globalquicksupport[.]com to download a remote administration tool. It was clear then where the rest of this call was going.
So many scams like this are designed to cause an immediate panic response because they know it may cause victims to take actions they wouldn't normally without thinking it through.
The best advice to protect yourself against many varieties of phishing scams is to manually access the account or service in question to verify details or contact support.
Don't click on links or text or call phone numbers that are listed in the email - instead open a new browser and navigate to the site directly, preferably through a bookmarked verified safe link, and use the help and contact information there to get assistance or report suspected fraud.
