PAYPAL users are the latest targets of cyber crooks looking to make a quick buck using devious online scams.

According to security experts, fraudsters have found a way to send phishing emails using the services provided by finance apps.

The tactic helps them slip past defences erected by email providers and antivirus software to block nefarious messages.

Researchers at Avanan, a company owned by U.S. security behemoth Check Point, discovered the attack in June 2022.

In a blog post, they described how scammers used free PayPal accounts to “send malicious invoices and requests”.

Recipients of the requests may have assumed that the invoices were legitimate as they came from official PayPal domains.

They may then hand over their credentials or banking information to attackers, who quickly drain their coffers.

Avanan experts first discovered attackers employing the tactic using free accounts with accounting software provider QuickBooks.

Last month, they uncovered a similar scheme that utilised free PayPal accounts to part people from their cash.

The campaign is particularly devious because the phishing emails are sent using PayPal’s tools and services.


That makes them less likely to be spotted as phoney by recipients and software designed to block scams from people’s inboxes.

“A hacker would create a free account in QuickBooks,” Avanan’s Jeremy Fuchs wrote in the blog post.

“They would create a spoofed invoice, either for Norton or Microsoft, and then send it to the user.

“Since it’s created in QuickBooks, the email comes across as legitimate. Email scanners see a legitimate QuickBooks domain.

“Since QuickBooks is on most Allow Lists as a legitimate site, the email passes right through.”

Phishing attacks lure victims to a website that appears to be operated by a trusted entity, such as a bank, social media platform or other service.

The website, however, is phoney with fake content designed to persuade a victim to enter sensitive information, like a password or email address.

Attackers behind the latest campaign changed invoice data to look legitimate, for instance by using names of legitimate companies.

They also added official logos and more to the phoney payment requests.
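
A mail filter can keep inspecting messages from allow-listed invoicing services instead of waving them through on the sender domain alone. The sketch below is an added example, not code from Avanan or PayPal; the sender domains, function names and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-listed invoicing services (sender domain -> service name).
INVOICE_SERVICES = {"paypal.com": "paypal", "intuit.com": "quickbooks"}
# Brands the article says were named in the spoofed invoices.
IMPERSONATED_BRANDS = ("norton", "microsoft")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{8,}\d")

def sender_service(msg):
    """Return the invoicing service for an allow-listed From domain, else None."""
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for allowed, service in INVOICE_SERVICES.items():
        if domain == allowed or domain.endswith("." + allowed):
            return service
    return None

def review_invoice_mail(raw):
    """List reasons an allow-listed invoice mail still needs review."""
    msg = message_from_string(raw)
    service = sender_service(msg)
    if service is None:
        return []  # not from an allow-listed service; normal filtering applies
    text = (msg.get("Subject", "") + "\n" + msg.get_payload()).lower()
    reasons = []
    brands = [b for b in IMPERSONATED_BRANDS if b in text]
    if brands:
        reasons.append(f"sent via {service} but bills for {', '.join(brands)}")
    if PHONE_RE.search(text):
        reasons.append("contains a phone number to call")
    return reasons

# Constructed sample messages (not real traffic).
SPOOFED = """From: service@paypal.com
Subject: Invoice from Norton Support

Your Norton subscription renewed for $499.99. To dispute, call +1 (555) 010-0199.
"""
ROUTINE = """From: service@paypal.com
Subject: Receipt for your payment

You sent $12.00 to Example Bakery. View the transaction in your account.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("routine", ROUTINE)):
        print(name, review_invoice_mail(raw))
```

The spoofed sample is flagged for both the brand mismatch and the embedded phone number, while the routine receipt from the same sender passes with no findings.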

If you’re unsure whether an invoice is legitimate, contact the company who sent you the request to confirm.

Look up the correct phone number online rather than using anything provided in the message, as this may also be fake.

If you’re worried that you might have fallen for a financial scam, the first thing you should do is contact your bank.

You should then report it to ActionFraud. Their website is actionfraud.police.uk, and their phone number is 0300 123 2040.
