PAYPAL users are the latest targets of cyber crooks looking to make quick bucks from sneaky online scams.
According to security experts, scammers have found a way to send phishing emails using the services of financial apps.
The tactic helps them bypass defenses built by email providers and antivirus software to block malicious messages.
Researchers from Avanan, a company owned by US security giant CheckPoint, discovered the attack in June 2022.
in one blog entrythey described how scammers used free PayPal accounts to “send malicious invoices and requests.”
The recipients of the requests may have assumed that the invoices were legitimate since they came from official PayPal domains.
They can then give their credentials or bank details to attackers, who quickly empty their coffers.
Avanan experts first spotted attackers using this tactic with free accounts at accounting software provider QuickBook.
Last month they uncovered a similar scheme using free PayPal accounts to take people’s money.
The campaign is particularly sneaky because the phishing emails are sent using PayPal’s tools and services.
This makes them less likely to be detected as fake by recipients and software designed to block scams from people’s inboxes.
“A hacker would create a free account in QuickBooks,” Avanan’s Jeremy Fuchs wrote in the blog post.
“They created a fake invoice, either for Norton or Microsoft, and then sent it to the user.
“Because it was created in QuickBooks, the email looks legitimate. Email scanners detect a legitimate QuickBooks domain.
“Because QuickBooks is on most allow lists as a legitimate website, the email goes straight through.”
Phishing attacks lure victims to a website that appears to be operated by a trusted entity, such as B. a bank, a social media platform or another service.
However, the website is fake with fake content designed to trick a victim into entering sensitive information like a password or email address.
Attackers behind the recent campaign altered billing data to look legitimate, for example by using legitimate company names.
They also added official logos and more to the fake payment requests.
If you are unsure whether an invoice is legitimate, contact the company that sent you the request for confirmation.
Look up the correct phone number online instead of using anything in the message as this can also be fake.
If you are concerned that you have been scammed by a financial scam, the first thing you should do is contact your bank.
You should then report it to ActionFraud. your site is actionfraud.police.ukand her phone number is 0300 123 2040.
The best tips and hacks for phones and gadgets
Looking for tips and hacks for your phone? Want to find these secret features in social media apps? We’ve got you covered…
Get the latest news about WhatsApp, Instagram, Facebook and other tech gadgets here.
We pay for your stories! Do you have a story for The Sun Online Tech & Science Team? Email us at firstname.lastname@example.org
https://www.thesun.ie/tech/9219609/warning-paypal-users-bank-account-emptied/ Warning to MILLIONS of PayPal users – Your bank account could be drained