HQ/EMEAFind out how we can help your business
A persistent PayPal email fraud leverages the platform’s new address settings to disseminate false purchase notifications, deceiving customers into providing remote access to threat actors.
Various reports revealed that PayPal allegedly sent emails claiming that the recipients added a new address last month. This detail suggests that the user unknowingly confirmed that it added an address to your ITV account.
It also contains a message claiming to be a purchase confirmation for a MacBook M4 and instructions for the recipient to report the included PayPal number if they did not authorise the purchase.
Additionally, the money-sending platform launches emails directly from the address service@paypal.com, which causes users anxiety since their accounts could have been compromised.
Individuals who received the email confirmed that no additional addresses had been added to their accounts. In this case, the scam email was sent to an email address without a PayPal account.
Because the emails are real PayPal emails, they pass through security and spam filters. These emails trick recipients into believing their account have been stolen so they can purchase a MacBook and then scare them into calling an attacker-controlled PayPal support phone number.
The new scam that targets PayPal users leverages a fake customer representative.
Once a recipient contacts the number, a recording will play, and it will announce that it has reached PayPal customer service. The recording will be placed on hold until a support representative is available. The call will then attempt to connect the caller with a fake customer support representative.
This fraudster will try to scare the caller into believing that their account has been hacked, then urge them to download and run the program so that they can “help” the caller regain access to the account and block the purported transaction.
Subsequently, this scammer will send the complainant to a website and enter a service code provided by the fake PayPal representative. Entering this code will cause a ConnectWise ScreenConnect client to be downloaded from lokermy.numaduliton[.]icu or other websites, which the fraudster will instruct the user to run.
However, in prior frauds like this, once the threat actor has access to the computer, they attempt to steal money from bank accounts, install malware, or take data from it.
Therefore, if PayPal users receive a real email from PayPal claiming that they have updated their address and it includes a fraudulent purchase confirmation, ignore it and do not call the stated phone number, as it belongs to the scammers.
To be safe, check your PayPal account and ensure no further addresses have been added. If none have been added, delete the email.
